LAYER: meta PACKAGE NAME: expect PACKAGE VERSION: 5.45.4 CVE: CVE-2001-1374 CVE STATUS: Patched CVE SUMMARY: expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1374 LAYER: meta PACKAGE NAME: expect PACKAGE VERSION: 5.45.4 CVE: CVE-2001-1467 CVE STATUS: Patched CVE SUMMARY: mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1467 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2002-1119 CVE STATUS: Patched CVE SUMMARY: os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1119 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2004-0150 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0150 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2005-0089 CVE STATUS: Patched CVE SUMMARY: The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0089 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2006-1542 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected. 
CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1542 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2006-4980 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4980 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2007-1657 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1657 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2007-2052 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-2052 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2007-4559 CVE STATUS: Ignored CVE SUMMARY: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4559 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2007-4965 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4965 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2008-1679 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1679 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2008-1721 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1721 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2008-1887 CVE STATUS: Patched CVE SUMMARY: Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1887 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2008-2315 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2315 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2008-2316 CVE STATUS: Patched CVE SUMMARY: Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB." 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2316 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2008-3142 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3142 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2008-3143 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3143 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2008-3144 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. 
NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3144 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2008-4108 CVE STATUS: Patched CVE SUMMARY: Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4108 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2008-4864 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4864 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2008-5031 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. 
CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5031 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2008-5983 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5983 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2009-4134 CVE STATUS: Patched CVE SUMMARY: Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4134 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2010-1449 CVE STATUS: Patched CVE SUMMARY: Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1449 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2010-1450 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1450 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2010-1634 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1634 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2010-2089 CVE STATUS: Patched CVE SUMMARY: The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2089 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2010-3492 CVE STATUS: Patched CVE SUMMARY: The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3492 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2010-3493 CVE STATUS: Patched CVE SUMMARY: Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3493 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2011-1015 CVE STATUS: Patched CVE SUMMARY: The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1015 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2011-1521 CVE STATUS: Patched CVE SUMMARY: The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1521 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2011-4940 CVE STATUS: Patched CVE SUMMARY: The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4940 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2011-4944 CVE STATUS: Patched CVE SUMMARY: Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. 
CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4944 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2012-0845 CVE STATUS: Patched CVE SUMMARY: SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0845 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2012-0876 CVE STATUS: Patched CVE SUMMARY: The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0876 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2012-1150 CVE STATUS: Patched CVE SUMMARY: Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1150 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2012-2135 CVE STATUS: Patched CVE SUMMARY: The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2135 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2013-0340 CVE STATUS: Patched CVE SUMMARY: expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0340 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2013-1753 CVE STATUS: Patched CVE SUMMARY: The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1753 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2013-2099 CVE STATUS: Patched CVE SUMMARY: Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2099 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2013-4238 CVE STATUS: Patched CVE SUMMARY: The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4238 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2013-7040 CVE STATUS: Patched CVE SUMMARY: Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7040 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2013-7338 CVE STATUS: Patched CVE SUMMARY: Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7338 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2013-7440 CVE STATUS: Patched CVE SUMMARY: The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7440 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2014-0224 CVE STATUS: Patched CVE SUMMARY: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. 
CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0224 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2014-1912 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1912 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2014-2667 CVE STATUS: Patched CVE SUMMARY: Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2667 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2014-4616 CVE STATUS: Patched CVE SUMMARY: Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4616 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2014-4650 CVE STATUS: Patched CVE SUMMARY: The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4650 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2014-7185 CVE STATUS: Patched CVE SUMMARY: Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7185 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2014-9365 CVE STATUS: Patched CVE SUMMARY: The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. 
CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9365 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2015-1283 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1283 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2015-20107 CVE STATUS: Ignored CVE SUMMARY: In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9 CVSS v2 BASE SCORE: 8.0 CVSS v3 BASE SCORE: 7.6 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-20107 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2015-5652 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point." 
CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5652 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2016-0718 CVE STATUS: Patched CVE SUMMARY: Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0718 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2016-0772 CVE STATUS: Patched CVE SUMMARY: The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0772 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2016-1000110 CVE STATUS: Patched CVE SUMMARY: The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. 
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 6.1
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1000110

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2016-2183
CVE STATUS: Patched
CVE SUMMARY: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2183

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2016-3189
CVE STATUS: Patched
CVE SUMMARY: Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3189

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2016-4472
CVE STATUS: Patched
CVE SUMMARY: The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.1
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4472

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2016-5636
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5636

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2016-5699
CVE STATUS: Patched
CVE SUMMARY: CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.1
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5699

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2016-9063
CVE STATUS: Patched
CVE SUMMARY: An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9063

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2017-1000158
CVE STATUS: Patched
CVE SUMMARY: CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution).
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000158

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2017-17522
CVE STATUS: Patched
CVE SUMMARY: Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17522

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2017-18207
CVE STATUS: Patched
CVE SUMMARY: The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions."
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18207

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2017-20052
CVE STATUS: Patched
CVE SUMMARY: A vulnerability classified as problematic was found in Python 2.7.13.
This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-20052

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2017-9233
CVE STATUS: Patched
CVE SUMMARY: XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9233

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2018-1000030
CVE STATUS: Patched
CVE SUMMARY: Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable; however, this has not been confirmed. The vulnerability lies in multiple threads handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread 1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free: Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code; however, in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.
CVSS v2 BASE SCORE: 3.3
CVSS v3 BASE SCORE: 3.6
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000030

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2018-1000117
CVE STATUS: Patched
CVE SUMMARY: Python Software Foundation CPython version from 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in the os.symlink() function on Windows that can result in arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 6.7
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000117

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2018-1000802
CVE STATUS: Patched
CVE SUMMARY: Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in the shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appears to be exploitable via passage of unfiltered user input to the function. This vulnerability appears to have been fixed after commit add531a1e55b0a739b0f42582f1c9747e5649ace.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000802

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2018-1060
CVE STATUS: Patched
CVE SUMMARY: python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 4.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1060

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2018-1061
CVE STATUS: Patched
CVE SUMMARY: python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1061

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2018-14647
CVE STATUS: Patched
CVE SUMMARY: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts of CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14647

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2018-20406
CVE STATUS: Patched
CVE SUMMARY: Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data.
This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20406

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2018-20852
CVE STATUS: Patched
CVE SUMMARY: http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20852

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2018-25032
CVE STATUS: Patched
CVE SUMMARY: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25032

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2019-10160
CVE STATUS: Patched
CVE SUMMARY: A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10160

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2019-12900
CVE STATUS: Patched
CVE SUMMARY: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12900

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2019-13404
CVE STATUS: Patched
CVE SUMMARY: The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.)
NOTE: the vendor's position is that it is the user's responsibility to ensure C:\Python27 access control or choose a different directory, because backwards compatibility requires that C:\Python27 remain the default for 2.7.x.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13404

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2019-15903
CVE STATUS: Patched
CVE SUMMARY: In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15903

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2019-16056
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16056

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2019-16935
CVE STATUS: Patched
CVE SUMMARY: The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x.
If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.1
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16935

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2019-17514
CVE STATUS: Patched
CVE SUMMARY: library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17514

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2019-18348
CVE STATUS: Ignored
CVE SUMMARY: An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)
This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.1
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18348

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2019-20907
CVE STATUS: Patched
CVE SUMMARY: In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20907

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2019-5010
CVE STATUS: Patched
CVE SUMMARY: An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5010

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2019-9636
CVE STATUS: Patched
CVE SUMMARY: Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.
This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9636

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2019-9674
CVE STATUS: Patched
CVE SUMMARY: Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9674

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2019-9740
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.1
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9740

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2019-9947
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3.
CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.1
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9947

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2019-9948
CVE STATUS: Patched
CVE SUMMARY: urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 9.1
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9948

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2020-10735
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10735

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2020-14422
CVE STATUS: Patched
CVE SUMMARY: Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14422

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2020-15523
CVE STATUS: Ignored
CVE SUMMARY: In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.
CVSS v2 BASE SCORE: 6.9
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15523

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2020-15801
CVE STATUS: Patched
CVE SUMMARY: In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The ._pth file (e.g., the python._pth file) is not affected.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15801

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2020-26116
CVE STATUS: Patched
CVE SUMMARY: http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 7.2
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26116

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2020-27619
CVE STATUS: Patched
CVE SUMMARY: In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27619

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2020-8315
CVE STATUS: Patched
CVE SUMMARY: In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8315

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2020-8492
CVE STATUS: Patched
CVE SUMMARY: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8492

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2021-23336
CVE STATUS: Patched
CVE SUMMARY: The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-23336

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2021-28861
CVE STATUS: Patched
CVE SUMMARY: Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of the URI path, which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.4
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28861

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2021-29921
CVE STATUS: Patched
CVE SUMMARY: In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string.
This (in some situations) allows attackers to bypass access control that is based on IP addresses.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-29921

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2021-3177
CVE STATUS: Patched
CVE SUMMARY: Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3177

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2021-3426
CVE STATUS: Patched
CVE SUMMARY: There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.
CVSS v2 BASE SCORE: 2.7
CVSS v3 BASE SCORE: 5.7
VECTOR: ADJACENT_NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3426

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2021-3733
CVE STATUS: Patched
CVE SUMMARY: There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client.
The greatest threat that this flaw poses is to application availability.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3733

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2021-3737
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3737

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2021-4189
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4189

LAYER: meta
PACKAGE NAME: python3
PACKAGE VERSION: 3.10.13
CVE: CVE-2022-0391
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0391 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2022-26488 CVE STATUS: Ignored CVE SUMMARY: In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-26488 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2022-37454 CVE STATUS: Patched CVE SUMMARY: The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-37454 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2022-42919 CVE STATUS: Patched CVE SUMMARY: Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. 
Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-42919 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2022-45061 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-45061 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2022-48560 CVE STATUS: Patched CVE SUMMARY: A use-after-free exists in Python through 3.9 via heappushpop in heapq. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48560 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2022-48564 CVE STATUS: Patched CVE SUMMARY: read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48564 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2022-48565 CVE STATUS: Patched CVE SUMMARY: An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48565 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2022-48566 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-48566 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2023-24329 CVE STATUS: Patched CVE SUMMARY: An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24329 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2023-27043 CVE STATUS: Unpatched CVE SUMMARY: The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-27043 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2023-33595 CVE STATUS: Patched CVE SUMMARY: CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-33595 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2023-36632 CVE STATUS: Ignored CVE SUMMARY: The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. 
The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-36632 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2023-38898 CVE STATUS: Patched CVE SUMMARY: An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-38898 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2023-40217 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. 
(The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-40217 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2023-41105 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-41105 LAYER: meta PACKAGE NAME: python3 PACKAGE VERSION: 3.10.13 CVE: CVE-2023-6507 CVE STATUS: Patched CVE SUMMARY: An issue was found in the CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (i.e. `extra_groups=[]`), the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original process's groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`). 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6507 LAYER: meta PACKAGE NAME: base-files PACKAGE VERSION: 3.0.14 CVE: CVE-2018-6557 CVE STATUS: Patched CVE SUMMARY: The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6557 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2002-1170 CVE STATUS: Patched CVE SUMMARY: The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1170 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2003-0935 CVE STATUS: Patched CVE SUMMARY: Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0935 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2005-1740 CVE STATUS: Patched CVE SUMMARY: fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack. 
CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1740 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2005-2177 CVE STATUS: Patched CVE SUMMARY: Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite loop. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2177 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2005-2811 CVE STATUS: Patched CVE SUMMARY: Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2811 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2005-4837 CVE STATUS: Patched CVE SUMMARY: snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177. 
CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4837 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2006-6305 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when configured using the rocommunity or rouser snmpd.conf tokens, causes Net-SNMP to grant write access to users or communities that only have read-only access. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-6305 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2007-5846 CVE STATUS: Patched CVE SUMMARY: The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5846 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2008-2292 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2292 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2008-4309 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4309 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2008-6123 CVE STATUS: Patched CVE SUMMARY: The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion." CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-6123 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2009-1887 CVE STATUS: Patched CVE SUMMARY: agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1887 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2012-2141 CVE STATUS: Patched CVE SUMMARY: Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2141 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2012-6151 CVE STATUS: Patched CVE SUMMARY: Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6151 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2014-2284 CVE STATUS: Patched CVE SUMMARY: The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2284 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2014-2285 CVE STATUS: Patched CVE SUMMARY: The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2285 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2014-2310 CVE STATUS: Patched CVE SUMMARY: The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2310 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2014-3565 CVE STATUS: Patched CVE SUMMARY: snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3565 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2015-5621 CVE STATUS: Patched CVE SUMMARY: The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5621 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2015-8100 CVE STATUS: Patched CVE SUMMARY: The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8100 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2018-1000116 CVE STATUS: Patched CVE SUMMARY: NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000116 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2018-18065 CVE STATUS: Patched CVE SUMMARY: _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18065 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2018-18066 CVE STATUS: Patched CVE SUMMARY: snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18066 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2019-20892 CVE STATUS: Patched CVE SUMMARY: net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20892 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2020-15861 CVE STATUS: Patched CVE SUMMARY: Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15861 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2020-15862 CVE STATUS: Patched CVE SUMMARY: Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. 
CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15862 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2022-44792 CVE STATUS: Patched CVE SUMMARY: handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-44792 LAYER: meta-networking PACKAGE NAME: net-snmp PACKAGE VERSION: 5.9.3 CVE: CVE-2022-44793 CVE STATUS: Patched CVE SUMMARY: handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-44793 LAYER: meta PACKAGE NAME: python3-certifi PACKAGE VERSION: 2021.10.8 CVE: CVE-2022-23491 CVE STATUS: Patched CVE SUMMARY: Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23491 LAYER: meta PACKAGE NAME: python3-certifi PACKAGE VERSION: 2021.10.8 CVE: CVE-2023-37920 CVE STATUS: Patched CVE SUMMARY: Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-37920 LAYER: meta PACKAGE NAME: xz PACKAGE VERSION: 5.2.6 CVE: CVE-2015-4035 CVE STATUS: Patched CVE SUMMARY: scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4035 LAYER: meta PACKAGE NAME: xz PACKAGE VERSION: 5.2.6 CVE: CVE-2020-22916 CVE STATUS: Patched CVE SUMMARY: An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-22916 LAYER: meta PACKAGE NAME: xz PACKAGE VERSION: 5.2.6 CVE: CVE-2021-29482 CVE STATUS: Patched CVE SUMMARY: xz is a compression and decompression library focusing on the xz format, completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop when provided malicious input. The problem has been fixed in release v0.5.8. As a workaround, users can limit the size of the compressed file input to a reasonable size for their use case. The standard library recently had the same issue, for which CVE-2020-16845 was allocated. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-29482 LAYER: meta PACKAGE NAME: readline PACKAGE VERSION: 8.1.2 CVE: CVE-2014-2524 CVE STATUS: Patched CVE SUMMARY: The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2524 LAYER: meta PACKAGE NAME: syslinux PACKAGE VERSION: 6.04-pre2 CVE: CVE-2003-1422 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-1422 LAYER: meta PACKAGE NAME: iputils PACKAGE VERSION: 20211215 CVE: CVE-2000-1213 CVE STATUS: Ignored CVE SUMMARY: ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1213 LAYER: meta PACKAGE NAME: iputils PACKAGE VERSION: 20211215 CVE: CVE-2000-1214 CVE STATUS: Ignored CVE SUMMARY: Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1214 LAYER: meta PACKAGE NAME: iputils PACKAGE VERSION: 20211215 CVE: CVE-2010-2529 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2529 LAYER: meta PACKAGE NAME: e2fsprogs PACKAGE VERSION: 1.46.5 CVE: CVE-2007-5497 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5497 LAYER: meta PACKAGE NAME: e2fsprogs PACKAGE VERSION: 1.46.5 CVE: CVE-2015-0247 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image. 
CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0247 LAYER: meta PACKAGE NAME: e2fsprogs PACKAGE VERSION: 1.46.5 CVE: CVE-2015-1572 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1572 LAYER: meta PACKAGE NAME: e2fsprogs PACKAGE VERSION: 1.46.5 CVE: CVE-2019-5094 CVE STATUS: Patched CVE SUMMARY: An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 6.7 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5094 LAYER: meta PACKAGE NAME: e2fsprogs PACKAGE VERSION: 1.46.5 CVE: CVE-2019-5188 CVE STATUS: Patched CVE SUMMARY: A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 6.7 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5188 LAYER: meta PACKAGE NAME: e2fsprogs PACKAGE VERSION: 1.46.5 CVE: CVE-2022-1304 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. 
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1304

LAYER: meta
PACKAGE NAME: python3-jinja2
PACKAGE VERSION: 3.1.1
CVE: CVE-2014-0012
CVE STATUS: Patched
CVE SUMMARY: FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0012

LAYER: meta
PACKAGE NAME: python3-jinja2
PACKAGE VERSION: 3.1.1
CVE: CVE-2014-1402
CVE STATUS: Patched
CVE SUMMARY: The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1402

LAYER: meta
PACKAGE NAME: python3-jinja2
PACKAGE VERSION: 3.1.1
CVE: CVE-2016-10745
CVE STATUS: Patched
CVE SUMMARY: In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 8.6
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10745

LAYER: meta
PACKAGE NAME: python3-jinja2
PACKAGE VERSION: 3.1.1
CVE: CVE-2019-10906
CVE STATUS: Patched
CVE SUMMARY: In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 8.6
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10906

LAYER: meta
PACKAGE NAME: python3-jinja2
PACKAGE VERSION: 3.1.1
CVE: CVE-2019-8341
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Jinja2 2.10.
The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8341

LAYER: meta
PACKAGE NAME: python3-jinja2
PACKAGE VERSION: 3.1.1
CVE: CVE-2020-28493
CVE STATUS: Patched
CVE SUMMARY: This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-28493

LAYER: meta
PACKAGE NAME: python3-jinja2
PACKAGE VERSION: 3.1.1
CVE: CVE-2024-22195
CVE STATUS: Unpatched
CVE SUMMARY: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.1
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-22195

LAYER: meta
PACKAGE NAME: cronie
PACKAGE VERSION: 1.6.1
CVE: CVE-2010-0424
CVE STATUS: Patched
CVE SUMMARY: The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory.
CVSS v2 BASE SCORE: 3.3
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0424

LAYER: meta
PACKAGE NAME: cronie
PACKAGE VERSION: 1.6.1
CVE: CVE-2012-6097
CVE STATUS: Patched
CVE SUMMARY: File descriptor leak in cronie 1.4.8, when running in certain environments, might allow local users to read restricted files, as demonstrated by reading /etc/crontab.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6097

LAYER: meta
PACKAGE NAME: lua
PACKAGE VERSION: 5.4.4
CVE: CVE-2014-5461
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5461

LAYER: meta
PACKAGE NAME: lua
PACKAGE VERSION: 5.4.4
CVE: CVE-2019-6706
CVE STATUS: Patched
CVE SUMMARY: Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6706

LAYER: meta
PACKAGE NAME: lua
PACKAGE VERSION: 5.4.4
CVE: CVE-2020-15888
CVE STATUS: Patched
CVE SUMMARY: Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15888

LAYER: meta
PACKAGE NAME: lua
PACKAGE VERSION: 5.4.4
CVE: CVE-2020-15889
CVE STATUS: Patched
CVE SUMMARY: Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15889

LAYER: meta
PACKAGE NAME: lua
PACKAGE VERSION: 5.4.4
CVE: CVE-2020-15945
CVE STATUS: Patched
CVE SUMMARY: Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15945

LAYER: meta
PACKAGE NAME: lua
PACKAGE VERSION: 5.4.4
CVE: CVE-2020-24342
CVE STATUS: Patched
CVE SUMMARY: Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24342

LAYER: meta
PACKAGE NAME: lua
PACKAGE VERSION: 5.4.4
CVE: CVE-2020-24369
CVE STATUS: Patched
CVE SUMMARY: ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24369

LAYER: meta
PACKAGE NAME: lua
PACKAGE VERSION: 5.4.4
CVE: CVE-2020-24370
CVE STATUS: Patched
CVE SUMMARY: ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24370

LAYER: meta
PACKAGE NAME: lua
PACKAGE VERSION: 5.4.4
CVE: CVE-2020-24371
CVE STATUS: Patched
CVE SUMMARY: lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24371

LAYER: meta
PACKAGE NAME: lua
PACKAGE VERSION: 5.4.4
CVE: CVE-2021-43519
CVE STATUS: Patched
CVE SUMMARY: Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-43519

LAYER: meta
PACKAGE NAME: lua
PACKAGE VERSION: 5.4.4
CVE: CVE-2021-44647
CVE STATUS: Patched
CVE SUMMARY: Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-44647

LAYER: meta
PACKAGE NAME: lua
PACKAGE VERSION: 5.4.4
CVE: CVE-2021-44964
CVE STATUS: Patched
CVE SUMMARY: Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-44964

LAYER: meta
PACKAGE NAME: lua
PACKAGE VERSION: 5.4.4
CVE: CVE-2021-45985
CVE STATUS: Patched
CVE SUMMARY: In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45985

LAYER: meta
PACKAGE NAME: lua
PACKAGE VERSION: 5.4.4
CVE: CVE-2022-28805
CVE STATUS: Patched
CVE SUMMARY: singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 9.1
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-28805

LAYER: meta
PACKAGE NAME: lua
PACKAGE VERSION: 5.4.4
CVE: CVE-2022-33099
CVE STATUS: Patched
CVE SUMMARY: An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-33099

LAYER: meta
PACKAGE NAME: libevent
PACKAGE VERSION: 2.1.12
CVE: CVE-2007-1030
CVE STATUS: Patched
CVE SUMMARY: Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset.
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1030

LAYER: meta
PACKAGE NAME: libevent
PACKAGE VERSION: 2.1.12
CVE: CVE-2014-6272
CVE STATUS: Patched
CVE SUMMARY: Multiple integer overflows in the evbuffer API in Libevent 1.4.x before 1.4.15, 2.0.x before 2.0.22, and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_expand, or (3) bufferevent_write function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier has been SPLIT per ADT3 due to different affected versions. See CVE-2015-6525 for the functions that are only affected in 2.0 and later.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6272

LAYER: meta
PACKAGE NAME: libevent
PACKAGE VERSION: 2.1.12
CVE: CVE-2015-6525
CVE STATUS: Patched
CVE SUMMARY: Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6525

LAYER: meta
PACKAGE NAME: libevent
PACKAGE VERSION: 2.1.12
CVE: CVE-2016-10195
CVE STATUS: Patched
CVE SUMMARY: The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10195

LAYER: meta
PACKAGE NAME: libevent
PACKAGE VERSION: 2.1.12
CVE: CVE-2016-10196
CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10196

LAYER: meta
PACKAGE NAME: libevent
PACKAGE VERSION: 2.1.12
CVE: CVE-2016-10197
CVE STATUS: Patched
CVE SUMMARY: The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10197

LAYER: meta
PACKAGE NAME: strace
PACKAGE VERSION: 5.16
CVE: CVE-2000-0006
CVE STATUS: Unpatched
CVE SUMMARY: strace allows local users to read arbitrary files via memory mapped file names.
CVSS v2 BASE SCORE: 2.6
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0006

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2015-8370
CVE STATUS: Patched
CVE SUMMARY: Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
CVSS v2 BASE SCORE: 6.9
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8370

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2019-14865
CVE STATUS: Ignored
CVE SUMMARY: A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots.
CVSS v2 BASE SCORE: 4.9
CVSS v3 BASE SCORE: 5.9
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14865

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2020-10713
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access.
With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 8.2
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10713

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2020-14308
CVE STATUS: Patched
CVE SUMMARY: In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 6.4
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14308

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2020-14309
CVE STATUS: Patched
CVE SUMMARY: There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 6.7
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14309

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2020-14310
CVE STATUS: Patched
CVE SUMMARY: There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceeding with buffer allocation to read the value from the font value.
An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.
CVSS v2 BASE SCORE: 3.6
CVSS v3 BASE SCORE: 6.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14310

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2020-14311
CVE STATUS: Patched
CVE SUMMARY: There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
CVSS v2 BASE SCORE: 3.6
CVSS v3 BASE SCORE: 6.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14311

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2020-14372
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.
CVSS v2 BASE SCORE: 6.2
CVSS v3 BASE SCORE: 7.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14372

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2020-15705
CVE STATUS: Patched
CVE SUMMARY: GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed.
This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 6.4
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15705

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2020-15706
CVE STATUS: Patched
CVE SUMMARY: GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 6.4
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15706

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2020-15707
CVE STATUS: Patched
CVE SUMMARY: Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 6.4
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15707

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2020-25632
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in grub2 in versions prior to 2.06.
The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded, leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 8.2
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25632

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2020-25647
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking, assuming the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 7.6
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25647

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2020-27749
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 6.7
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27749

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2020-27779
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking, allowing a privileged attacker to remove address ranges from memory, creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS v2 BASE SCORE: 6.9
CVSS v3 BASE SCORE: 7.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27779

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2021-20225
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 6.7
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20225

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2021-20233
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters, which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 8.2
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20233

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2021-3418
CVE STATUS: Patched
CVE SUMMARY: If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered with. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 6.4
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3418

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2021-3695
CVE STATUS: Patched
CVE SUMMARY: A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve significant results; also the values written into the memory are repeated three times in a row, making it difficult to produce valid payloads. This flaw affects grub2 versions prior to grub-2.12.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 4.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3695

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2021-3696
CVE STATUS: Patched
CVE SUMMARY: A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space.
Confidentiality, Integrity and Availability impact may be considered Low as it is very complex for an attacker to control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.
CVSS v2 BASE SCORE: 6.9
CVSS v3 BASE SCORE: 4.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3696

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2021-3697
CVE STATUS: Patched
CVE SUMMARY: A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in the heap. For a successful attack to be performed, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 7.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3697

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2021-3981
CVE STATUS: Patched
CVE SUMMARY: A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set, allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 3.3
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3981

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2021-46705
CVE STATUS: Ignored
CVE SUMMARY: An Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 4.4
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46705

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2022-2601
CVE STATUS: Patched
CVE SUMMARY: A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph; this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.6
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2601

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2022-28733
CVE STATUS: Patched
CVE SUMMARY: Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.1
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-28733

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2022-28734
CVE STATUS: Patched
CVE SUMMARY: Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer pointer by one position. This can lead to an out-of-bounds write later when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of GRUB2's internal memory metadata.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-28734

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2022-28735
CVE STATUS: Patched
CVE SUMMARY: GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules being loaded in GRUB2, breaking the secure boot trust-chain.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-28735

LAYER: meta
PACKAGE NAME: grub-efi
PACKAGE VERSION: 2.06
CVE: CVE-2022-28736
CVE STATUS: Patched
CVE SUMMARY: There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that don't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control GRUB2's memory allocation pattern, sensitive data may be exposed and arbitrary code execution can be achieved.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-28736 LAYER: meta PACKAGE NAME: grub-efi PACKAGE VERSION: 2.06 CVE: CVE-2022-3775 CVE STATUS: Patched CVE SUMMARY: When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.1 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3775 LAYER: meta PACKAGE NAME: grub-efi PACKAGE VERSION: 2.06 CVE: CVE-2023-4001 CVE STATUS: Unpatched CVE SUMMARY: An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.8 VECTOR: PHYSICAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4001 LAYER: meta PACKAGE NAME: grub-efi PACKAGE VERSION: 2.06 CVE: CVE-2023-4692 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. 
In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4692 LAYER: meta PACKAGE NAME: grub-efi PACKAGE VERSION: 2.06 CVE: CVE-2023-4693 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.6 VECTOR: PHYSICAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4693 LAYER: new-recipes PACKAGE NAME: beanstalkd PACKAGE VERSION: 1.12 CVE: CVE-2010-2060 CVE STATUS: Patched CVE SUMMARY: The put command functionality in beanstalkd 1.4.5 and earlier allows remote attackers to execute arbitrary Beanstalk commands via the body in a job that is too big, which is not properly handled by the dispatch_cmd function in prot.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2060 LAYER: meta-oe PACKAGE NAME: unixodbc PACKAGE VERSION: 2.3.9 CVE: CVE-2011-1145 CVE STATUS: Patched CVE SUMMARY: The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string. 
CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1145 LAYER: meta-oe PACKAGE NAME: unixodbc PACKAGE VERSION: 2.3.9 CVE: CVE-2012-2657 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the SQLDriverConnect function in unixODBC 2.0.10, 2.3.1, and earlier allows local users to cause a denial of service (crash) via a long string in the FILEDSN option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2657 LAYER: meta-oe PACKAGE NAME: unixodbc PACKAGE VERSION: 2.3.9 CVE: CVE-2012-2658 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local users to cause a denial of service (crash) via a long string in the DRIVER option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context. 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2658 LAYER: meta-oe PACKAGE NAME: unixodbc PACKAGE VERSION: 2.3.9 CVE: CVE-2018-7409 CVE STATUS: Patched CVE SUMMARY: In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7409 LAYER: meta-oe PACKAGE NAME: unixodbc PACKAGE VERSION: 2.3.9 CVE: CVE-2018-7485 CVE STATUS: Patched CVE SUMMARY: The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7485 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.4+gitAUTOINC+974efd2dfc CVE: CVE-2016-3697 CVE STATUS: Patched CVE SUMMARY: libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3697 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.4+gitAUTOINC+974efd2dfc CVE: CVE-2019-16884 CVE STATUS: Patched CVE SUMMARY: runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16884 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.4+gitAUTOINC+974efd2dfc CVE: CVE-2019-19921 CVE STATUS: Patched CVE SUMMARY: runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19921 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.4+gitAUTOINC+974efd2dfc CVE: CVE-2019-5736 CVE STATUS: Patched CVE SUMMARY: runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5736 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.4+gitAUTOINC+974efd2dfc CVE: CVE-2021-30465 CVE STATUS: Patched CVE SUMMARY: runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. 
The problem occurs via a symlink-exchange attack that relies on a race condition. CVSS v2 BASE SCORE: 6.0 CVSS v3 BASE SCORE: 8.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-30465 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.4+gitAUTOINC+974efd2dfc CVE: CVE-2021-43784 CVE STATUS: Patched CVE SUMMARY: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug. 
CVSS v2 BASE SCORE: 6.0 CVSS v3 BASE SCORE: 5.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-43784 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.4+gitAUTOINC+974efd2dfc CVE: CVE-2022-24769 CVE STATUS: Patched CVE SUMMARY: Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. 
CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 5.9 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24769 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.4+gitAUTOINC+974efd2dfc CVE: CVE-2022-29162 CVE STATUS: Patched CVE SUMMARY: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-29162 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.4+gitAUTOINC+974efd2dfc CVE: CVE-2023-25809 CVE STATUS: Unpatched CVE SUMMARY: runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in following conditons: 1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgroup namespace to be unshared (e.g.., `(docker|podman|nerdctl) run --cgroupns=host`, with Rootless Docker/Podman/nerdctl) or 2. 
when runc is executed outside the user namespace, and `/sys` is mounted with `rbind, ro` (e.g., `runc spec --rootless`; this condition is very rare). A container may gain the write access to user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/...` on the host . Other users's cgroup hierarchies are not affected. Users are advised to upgrade to version 1.1.5. Users unable to upgrade may unshare the cgroup namespace (`(docker|podman|nerdctl) run --cgroupns=private)`. This is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts. or add `/sys/fs/cgroup` to `maskedPaths`. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.3 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25809 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.4+gitAUTOINC+974efd2dfc CVE: CVE-2023-27561 CVE STATUS: Unpatched CVE SUMMARY: runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-27561 LAYER: meta-virtualization PACKAGE NAME: runc-opencontainers PACKAGE VERSION: 1.1.4+gitAUTOINC+974efd2dfc CVE: CVE-2023-28642 CVE STATUS: Unpatched CVE SUMMARY: runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28642 LAYER: meta-virtualization PACKAGE NAME: docker-ce PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5 CVE: CVE-2014-0047 CVE STATUS: Patched CVE SUMMARY: Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0047 LAYER: meta-virtualization PACKAGE NAME: docker-ce PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5 CVE: CVE-2014-0048 CVE STATUS: Patched CVE SUMMARY: An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0048 LAYER: meta-virtualization PACKAGE NAME: docker-ce PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5 CVE: CVE-2014-3499 CVE STATUS: Patched CVE SUMMARY: Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3499 LAYER: meta-virtualization PACKAGE NAME: docker-ce PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5 CVE: CVE-2014-5277 CVE STATUS: Patched CVE SUMMARY: Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5277 LAYER: meta-virtualization PACKAGE NAME: docker-ce PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5 CVE: CVE-2014-5278 CVE STATUS: Patched CVE SUMMARY: A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5278 LAYER: meta-virtualization PACKAGE NAME: docker-ce PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5 CVE: CVE-2014-5282 CVE STATUS: Patched CVE SUMMARY: Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'. CVSS v2 BASE SCORE: 5.5 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5282 LAYER: meta-virtualization PACKAGE NAME: docker-ce PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5 CVE: CVE-2014-6407 CVE STATUS: Patched CVE SUMMARY: Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6407 LAYER: meta-virtualization PACKAGE NAME: docker-ce PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5 CVE: CVE-2014-6408 CVE STATUS: Patched CVE SUMMARY: Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6408 LAYER: meta-virtualization PACKAGE NAME: docker-ce PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5 CVE: CVE-2014-8178 CVE STATUS: Patched CVE SUMMARY: Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8178 LAYER: meta-virtualization PACKAGE NAME: docker-ce PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5 CVE: CVE-2014-8179 CVE STATUS: Patched CVE SUMMARY: Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8179 LAYER: meta-virtualization PACKAGE NAME: docker-ce PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5 CVE: CVE-2014-9356 CVE STATUS: Patched CVE SUMMARY: Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile. 
CVSS v2 BASE SCORE: 8.5 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9356 LAYER: meta-virtualization PACKAGE NAME: docker-ce PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5 CVE: CVE-2014-9357 CVE STATUS: Patched CVE SUMMARY: Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9357 LAYER: meta-virtualization PACKAGE NAME: docker-ce PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5 CVE: CVE-2014-9358 CVE STATUS: Patched CVE SUMMARY: Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications." CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9358 LAYER: meta-virtualization PACKAGE NAME: docker-ce PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5 CVE: CVE-2015-1843 CVE STATUS: Patched CVE SUMMARY: The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. NOTE: this vulnerability exists because of a CVE-2014-5277 regression. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1843 LAYER: meta-virtualization PACKAGE NAME: docker-ce PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5 CVE: CVE-2015-3627 CVE STATUS: Patched CVE SUMMARY: Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3627 LAYER: meta-virtualization PACKAGE NAME: docker-ce PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5 CVE: CVE-2015-3630 CVE STATUS: Patched CVE SUMMARY: Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3630 LAYER: meta-virtualization PACKAGE NAME: docker-ce PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5 CVE: CVE-2015-3631 CVE STATUS: Patched CVE SUMMARY: Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. 
CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3631 LAYER: meta-virtualization PACKAGE NAME: docker-ce PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5 CVE: CVE-2016-3697 CVE STATUS: Patched CVE SUMMARY: libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3697 LAYER: meta-virtualization PACKAGE NAME: docker-ce PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5 CVE: CVE-2016-6595 CVE STATUS: Patched CVE SUMMARY: The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor disputes this issue, stating that this sequence is not "removing the state that is left by old nodes. At some point the manager obviously stops being able to accept new nodes, since it runs out of memory. Given that both for Docker swarm and for Docker Swarmkit nodes are *required* to provide a secret token (it's actually the only mode of operation), this means that no adversary can simply join nodes and exhaust manager resources. We can't do anything about a manager running out of memory and not being able to add new legitimate nodes to the system. This is merely a resource provisioning issue, and definitely not a CVE worthy vulnerability. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6595 LAYER: meta-virtualization PACKAGE NAME: docker-ce PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5 CVE: CVE-2016-8867 CVE STATUS: Patched CVE SUMMARY: Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8867 LAYER: meta-virtualization PACKAGE NAME: docker-ce PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5 CVE: CVE-2016-9962 CVE STATUS: Patched CVE SUMMARY: RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 6.4 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9962 LAYER: meta-virtualization PACKAGE NAME: docker-ce PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5 CVE: CVE-2017-14992 CVE STATUS: Patched CVE SUMMARY: Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing. 
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14992

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2017-16539
CVE STATUS: Patched
CVE SUMMARY: The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16539

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2018-10892
CVE STATUS: Patched
CVE SUMMARY: The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify the host's hardware, such as enabling/disabling bluetooth or turning up/down keyboard brightness.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 6.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10892

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2018-12608
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12608

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2018-15514
CVE STATUS: Patched
CVE SUMMARY: HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the "docker-users" group (who may not otherwise have administrator access) to escalate to administrator privileges.
CVSS v2 BASE SCORE: 6.5
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15514

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2018-15664
CVE STATUS: Patched
CVE SUMMARY: In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).
CVSS v2 BASE SCORE: 6.2
CVSS v3 BASE SCORE: 7.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-15664

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2019-10340
CVE STATUS: Patched
CVE SUMMARY: A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10340

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2019-10341
CVE STATUS: Patched
CVE SUMMARY: A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10341

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2019-10342
CVE STATUS: Patched
CVE SUMMARY: A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 4.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10342

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2019-13139
CVE STATUS: Patched
CVE SUMMARY: In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git clone" command, leading to code execution in the context of the user executing the "docker build" command. This occurs because a git ref can be misinterpreted as a flag.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 8.4
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13139

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2019-13509
CVE STATUS: Patched
CVE SUMMARY: In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13509

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2019-14271
CVE STATUS: Patched
CVE SUMMARY: In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14271

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2019-15752
CVE STATUS: Patched
CVE SUMMARY: Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15752

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2019-16884
CVE STATUS: Patched
CVE SUMMARY: runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16884

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2019-5736
CVE STATUS: Patched
CVE SUMMARY: runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
CVSS v2 BASE SCORE: 9.3
CVSS v3 BASE SCORE: 8.6
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5736

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2020-14298
CVE STATUS: Patched
CVE SUMMARY: The version of docker as released for Red Hat Enterprise Linux 7 Extras via the RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not affected.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 8.8
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14298

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2020-14300
CVE STATUS: Patched
CVE SUMMARY: The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2016-9962, which was previously corrected in the docker packages in Red Hat Enterprise Linux 7 Extras via RHSA-2017:0116 (https://access.redhat.com/errata/RHSA-2017:0116). CVE-2020-14300 was assigned to this security regression and it is specific to the docker packages produced by Red Hat. The original issue, CVE-2016-9962, could possibly allow a process inside a container to compromise a process entering the container namespace and execute arbitrary code outside of the container. This could lead to compromise of the container host or other containers running on the same container host. This issue only affects a single version of Docker, 1.13.1-108.git4ef4b30, shipped in Red Hat Enterprise Linux 7. Both earlier and later versions are not affected.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 8.8
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14300

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2020-27534
CVE STATUS: Patched
CVE SUMMARY: util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27534

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2021-21284
CVE STATUS: Patched
CVE SUMMARY: In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from the remapped user.
CVSS v2 BASE SCORE: 2.7
CVSS v3 BASE SCORE: 6.8
VECTOR: ADJACENT_NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-21284

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2021-21285
CVE STATUS: Patched
CVE SUMMARY: In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-21285

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2021-3162
CVE STATUS: Patched
CVE SUMMARY: Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3162

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2021-33183
CVE STATUS: Patched
CVE SUMMARY: Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in the container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors.
CVSS v2 BASE SCORE: 3.6
CVSS v3 BASE SCORE: 7.9
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33183

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2021-41089
CVE STATUS: Patched
CVE SUMMARY: Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 6.3
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-41089

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2021-41091
CVE STATUS: Patched
CVE SUMMARY: Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, limit access to the host to trusted users. Limit access to host volumes to trusted containers.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 6.3
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-41091

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2022-24769
CVE STATUS: Patched
CVE SUMMARY: Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 5.9
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24769

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2022-25365
CVE STATUS: Patched
CVE SUMMARY: Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25365

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2022-27652
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 5.3
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27652

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2022-36109
CVE STATUS: Patched
CVE SUMMARY: Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `"USER $USERNAME"` Dockerfile instruction. Instead, by calling `ENTRYPOINT ["su", "-", "user"]` the supplementary groups will be set up properly.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-36109

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2023-28840
CVE STATUS: Patched
CVE SUMMARY: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverse an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discard unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container's outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.7
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28840

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2023-28841
CVE STATUS: Patched
CVE SUMMARY: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverse an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. An iptables rule designates outgoing VXLAN datagrams with a VNI that corresponds to an encrypted overlay network for IPsec encapsulation. Encrypted overlay networks on affected platforms silently transmit unencrypted data. As a result, `overlay` networks may appear to be functional, passing traffic as expected, but without any of the expected confidentiality or data integrity guarantees. It is possible for an attacker sitting in a trusted position on the network to read all of the application traffic that is moving across the overlay network, resulting in unexpected secrets or user data disclosure. Thus, because many database protocols, internal APIs, etc. are not protected by a second layer of encryption, a user may use Swarm encrypted overlay networks to provide confidentiality, which, due to this vulnerability, is no longer guaranteed. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to outgoing traffic at the Internet boundary in order to prevent unintentionally leaking unencrypted traffic over the Internet, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28841

LAYER: meta-virtualization
PACKAGE NAME: docker-ce
PACKAGE VERSION: 20.10.25-ce+git791d8ab87747169b4cbfcdf2fd57c81952bae6d5
CVE: CVE-2023-28842
CVE STATUS: Patched
CVE SUMMARY: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverse an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. The `overlay` driver dynamically and lazily defines the kernel configuration for the VXLAN network on each node as containers are attached and detached. Routes and encryption parameters are only defined for destination nodes that participate in the network. The iptables rules that prevent encrypted overlay networks from accepting unencrypted packets are not created until a peer is available with which to communicate. Encrypted overlay networks silently accept cleartext VXLAN datagrams that are tagged with the VNI of an encrypted overlay network. As a result, it is possible to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams. The implications of this can be quite dire, and GHSA-vwm3-crmr-xfxw should be referenced for a deeper exploration. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. In multi-node clusters, deploy a global 'pause' container for each encrypted overlay network, on every node. For a single-node cluster, do not use overlay networks of any sort. Bridge networks provide the same connectivity on a single node and have no multi-node features. The Swarm ingress feature is implemented using an overlay network, but can be disabled by publishing ports in `host` mode instead of `ingress` mode (allowing the use of an external load balancer), and removing the `ingress` network. If encrypted overlay networks are in exclusive use, block UDP port 4789 from traffic that has not been validated by IPSec.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28842

LAYER: meta
PACKAGE NAME: iproute2
PACKAGE VERSION: 5.17.0
CVE: CVE-2012-1088
CVE STATUS: Patched
CVE SUMMARY: iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script.
CVSS v2 BASE SCORE: 3.3
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1088

LAYER: meta
PACKAGE NAME: iproute2
PACKAGE VERSION: 5.17.0
CVE: CVE-2019-20795
CVE STATUS: Patched
CVE SUMMARY: iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 4.4
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20795

LAYER: meta
PACKAGE NAME: gmp
PACKAGE VERSION: 6.2.1
CVE: CVE-2021-43618
CVE STATUS: Patched
CVE SUMMARY: GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-43618

LAYER: new-versions
PACKAGE NAME: python3-requests
PACKAGE VERSION: 2.31.0
CVE: CVE-2014-1829
CVE STATUS: Patched
CVE SUMMARY: Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1829

LAYER: new-versions
PACKAGE NAME: python3-requests
PACKAGE VERSION: 2.31.0
CVE: CVE-2014-1830
CVE STATUS: Patched
CVE SUMMARY: Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1830

LAYER: new-versions
PACKAGE NAME: python3-requests
PACKAGE VERSION: 2.31.0
CVE: CVE-2015-2296
CVE STATUS: Patched
CVE SUMMARY: The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2296

LAYER: new-versions
PACKAGE NAME: python3-requests
PACKAGE VERSION: 2.31.0
CVE: CVE-2018-18074
CVE STATUS: Patched
CVE SUMMARY: The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-18074

LAYER: new-versions
PACKAGE NAME: python3-requests
PACKAGE VERSION: 2.31.0
CVE: CVE-2021-21674
CVE STATUS: Patched
CVE SUMMARY: A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 4.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-21674

LAYER: new-versions
PACKAGE NAME: python3-requests
PACKAGE VERSION: 2.31.0
CVE: CVE-2021-21675
CVE STATUS: Patched
CVE SUMMARY: A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-21675

LAYER: new-versions
PACKAGE NAME: python3-requests
PACKAGE VERSION: 2.31.0
CVE: CVE-2021-21676
CVE STATUS: Patched
CVE SUMMARY: Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified email address.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 4.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-21676

LAYER: new-versions
PACKAGE NAME: python3-requests
PACKAGE VERSION: 2.31.0
CVE: CVE-2021-29476
CVE STATUS: Patched
CVE SUMMARY: Requests is an HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of `Requests` 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-29476

LAYER: new-versions
PACKAGE NAME: python3-requests
PACKAGE VERSION: 2.31.0
CVE: CVE-2022-34782
CVE STATUS: Patched
CVE SUMMARY: An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 4.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-34782

LAYER: new-versions
PACKAGE NAME: python3-requests
PACKAGE VERSION: 2.31.0
CVE: CVE-2023-32681
CVE STATUS: Patched
CVE SUMMARY: Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However, when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.1
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32681

LAYER: meta
PACKAGE NAME: dmidecode
PACKAGE VERSION: 3.3
CVE: CVE-2023-30630
CVE STATUS: Patched
CVE SUMMARY: Dmidecode before 3.5 allows --dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.1
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-30630

LAYER: meta-opengear-prop
PACKAGE NAME: firewall
PACKAGE VERSION: 1.0
CVE: CVE-2008-0263
CVE STATUS: Unpatched
CVE SUMMARY: The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4.6.1 does not reuse SIP media ports in unspecified call hold and send-only stream scenarios, which allows remote attackers to cause a denial of service (port exhaustion) via unspecified vectors.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-0263

LAYER: meta-opengear-prop
PACKAGE NAME: firewall
PACKAGE VERSION: 1.0
CVE: CVE-2008-0494
CVE STATUS: Patched
CVE SUMMARY: Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in Endian Firewall 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the psearch parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-0494

LAYER: meta-opengear-prop
PACKAGE NAME: firewall
PACKAGE VERSION: 1.0
CVE: CVE-2010-0475
CVE STATUS: Unpatched
CVE SUMMARY: Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0475

LAYER: meta-opengear-prop
PACKAGE NAME: firewall
PACKAGE VERSION: 1.0
CVE: CVE-2012-4923
CVE STATUS: Patched
CVE SUMMARY: Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4923

LAYER: meta-opengear-prop
PACKAGE NAME: firewall
PACKAGE VERSION: 1.0
CVE: CVE-2019-14270
CVE STATUS: Unpatched
CVE SUMMARY: Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6870, and Comodo Internet Security Premium through 12.0.0.6870, with the Comodo Container feature, are vulnerable to Sandbox Escape.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 7.1
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14270

LAYER: meta-opengear-prop
PACKAGE NAME: firewall
PACKAGE VERSION: 1.0
CVE: CVE-2022-0675
CVE STATUS: Unpatched
CVE SUMMARY: In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest.
This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0675 LAYER: meta-opengear-prop PACKAGE NAME: firewall PACKAGE VERSION: 1.0 CVE: CVE-2022-1807 CVE STATUS: Unpatched CVE SUMMARY: Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.2 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1807 LAYER: meta-opengear-prop PACKAGE NAME: firewall PACKAGE VERSION: 1.0 CVE: CVE-2022-3236 CVE STATUS: Unpatched CVE SUMMARY: A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3236 LAYER: meta-opengear-prop PACKAGE NAME: firewall PACKAGE VERSION: 1.0 CVE: CVE-2023-42552 CVE STATUS: Unpatched CVE SUMMARY: Implicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows 3rd party application to tamper the database of Firewall. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-42552 LAYER: meta-opengear-prop PACKAGE NAME: firewall PACKAGE VERSION: 1.0 CVE: CVE-2023-5552 CVE STATUS: Unpatched CVE SUMMARY: A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5552 LAYER: meta PACKAGE NAME: lz4 PACKAGE VERSION: 1_1.9.4 CVE: CVE-2014-4715 CVE STATUS: Ignored CVE SUMMARY: Yann Collet LZ4 before r119, when used on certain 32-bit platforms that allocate memory beyond 0x80000000, does not properly detect integer overflows, which allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run, a different vulnerability than CVE-2014-4611. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4715 LAYER: meta PACKAGE NAME: lz4 PACKAGE VERSION: 1_1.9.4 CVE: CVE-2019-17543 CVE STATUS: Patched CVE SUMMARY: LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk." CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-17543 LAYER: meta PACKAGE NAME: lz4 PACKAGE VERSION: 1_1.9.4 CVE: CVE-2021-3520 CVE STATUS: Patched CVE SUMMARY: There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3520 LAYER: meta PACKAGE NAME: python3-pygments PACKAGE VERSION: 2.11.2 CVE: CVE-2022-40896 CVE STATUS: Patched CVE SUMMARY: A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40896 LAYER: meta PACKAGE NAME: libyaml PACKAGE VERSION: 0.2.5 CVE: CVE-2013-6393 CVE STATUS: Patched CVE SUMMARY: The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6393 LAYER: meta PACKAGE NAME: libyaml PACKAGE VERSION: 0.2.5 CVE: CVE-2014-2525 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2525 LAYER: meta PACKAGE NAME: libyaml PACKAGE VERSION: 0.2.5 CVE: CVE-2014-9130 CVE STATUS: Patched CVE SUMMARY: scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9130 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.1.16 CVE: CVE-1999-0491 CVE STATUS: Patched CVE SUMMARY: The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-0491 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.1.16 CVE: CVE-1999-1383 CVE STATUS: Patched CVE SUMMARY: (1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-1383 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.1.16 CVE: CVE-2010-0002 CVE STATUS: Patched CVE SUMMARY: The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existence of a file, via a crafted filename. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0002 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.1.16 CVE: CVE-2012-3410 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix. 
CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3410 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.1.16 CVE: CVE-2012-6711 CVE STATUS: Patched CVE SUMMARY: A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv(). CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6711 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.1.16 CVE: CVE-2014-6271 CVE STATUS: Patched CVE SUMMARY: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. 
CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6271 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.1.16 CVE: CVE-2014-6277 CVE STATUS: Patched CVE SUMMARY: GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6277 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.1.16 CVE: CVE-2014-6278 CVE STATUS: Patched CVE SUMMARY: GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. 
CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6278 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.1.16 CVE: CVE-2014-7169 CVE STATUS: Patched CVE SUMMARY: GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7169 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.1.16 CVE: CVE-2014-7186 CVE STATUS: Patched CVE SUMMARY: The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7186 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.1.16 CVE: CVE-2014-7187 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue. 
CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7187 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.1.16 CVE: CVE-2016-0634 CVE STATUS: Patched CVE SUMMARY: The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. CVSS v2 BASE SCORE: 6.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0634 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.1.16 CVE: CVE-2016-7543 CVE STATUS: Patched CVE SUMMARY: Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 8.4 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7543 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.1.16 CVE: CVE-2016-9401 CVE STATUS: Patched CVE SUMMARY: popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9401 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.1.16 CVE: CVE-2017-5932 CVE STATUS: Patched CVE SUMMARY: The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5932 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.1.16 CVE: CVE-2019-18276 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. 
By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18276 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.1.16 CVE: CVE-2019-9924 CVE STATUS: Patched CVE SUMMARY: rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9924 LAYER: meta PACKAGE NAME: bash PACKAGE VERSION: 5.1.16 CVE: CVE-2022-3715 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3715 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-1999-0402 CVE STATUS: Patched CVE SUMMARY: wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-0402 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2002-1344 CVE STATUS: Patched CVE SUMMARY: Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1344 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2004-1487 CVE STATUS: Patched CVE SUMMARY: wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1487 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2004-1488 CVE STATUS: Patched CVE SUMMARY: wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1488 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2004-2014 CVE STATUS: Patched CVE SUMMARY: Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded. 
CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-2014 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2005-3185 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-3185 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2006-6719 CVE STATUS: Patched CVE SUMMARY: The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-6719 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2009-3490 CVE STATUS: Patched CVE SUMMARY: GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3490 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2010-2252 CVE STATUS: Patched CVE SUMMARY: GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2252 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2014-4877 CVE STATUS: Patched CVE SUMMARY: Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4877 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2016-4971 CVE STATUS: Patched CVE SUMMARY: GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4971 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2016-7098 CVE STATUS: Patched CVE SUMMARY: Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7098 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2017-13089 CVE STATUS: Patched CVE SUMMARY: The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13089 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2017-13090 CVE STATUS: Patched CVE SUMMARY: The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). 
As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13090 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2017-6508 CVE STATUS: Patched CVE SUMMARY: CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-6508 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2018-0494 CVE STATUS: Patched CVE SUMMARY: GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-0494 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2018-20483 CVE STATUS: Patched CVE SUMMARY: set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl. 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20483 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2019-5953 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5953 LAYER: meta PACKAGE NAME: wget PACKAGE VERSION: 1.21.4 CVE: CVE-2021-31879 CVE STATUS: Patched CVE SUMMARY: GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-31879 LAYER: meta PACKAGE NAME: libuv PACKAGE VERSION: 1.44.2 CVE: CVE-2014-9748 CVE STATUS: Patched CVE SUMMARY: The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9748 LAYER: meta PACKAGE NAME: libuv PACKAGE VERSION: 1.44.2 CVE: CVE-2015-0278 CVE STATUS: Patched CVE SUMMARY: libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors. 
CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0278 LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v1.6.19+gitAUTOINC+1e1ea6e986 CVE: CVE-2020-15157 CVE STATUS: Patched CVE SUMMARY: In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected. 
CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15157 LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v1.6.19+gitAUTOINC+1e1ea6e986 CVE: CVE-2020-15257 CVE STATUS: Patched CVE SUMMARY: containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the "host" network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. 
Reducing the set of isolation mechanisms used for a container necessarily increases that container's privilege, regardless of what container runtime is used for running that container. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 5.2 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15257 LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v1.6.19+gitAUTOINC+1e1ea6e986 CVE: CVE-2021-21334 CVE STATUS: Patched CVE SUMMARY: In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd's CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue. This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-21334 LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v1.6.19+gitAUTOINC+1e1ea6e986 CVE: CVE-2021-32760 CVE STATUS: Patched CVE SUMMARY: containerd is a container runtime. 
A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32760 LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v1.6.19+gitAUTOINC+1e1ea6e986 CVE: CVE-2021-41103 CVE STATUS: Patched CVE SUMMARY: containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. 
Users should update to these versions when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permissions on container bundle directories. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 5.9 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-41103 LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v1.6.19+gitAUTOINC+1e1ea6e986 CVE: CVE-2021-43816 CVE STATUS: Patched CVE SUMMARY: containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible. CVSS v2 BASE SCORE: 6.0 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-43816 LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v1.6.19+gitAUTOINC+1e1ea6e986 CVE: CVE-2022-23471 CVE STATUS: Patched CVE SUMMARY: containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. 
If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23471 LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v1.6.19+gitAUTOINC+1e1ea6e986 CVE: CVE-2022-23648 CVE STATUS: Patched CVE SUMMARY: containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23648 LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v1.6.19+gitAUTOINC+1e1ea6e986 CVE: CVE-2022-31030 CVE STATUS: Patched CVE SUMMARY: containerd is an open source container runtime. 
A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an "exec" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-31030 LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v1.6.19+gitAUTOINC+1e1ea6e986 CVE: CVE-2023-25153 CVE STATUS: Patched CVE SUMMARY: containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25153 LAYER: meta-virtualization PACKAGE NAME: containerd-opencontainers PACKAGE VERSION: v1.6.19+gitAUTOINC+1e1ea6e986 CVE: CVE-2023-25173 CVE STATUS: Patched CVE SUMMARY: containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. 
If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25173 LAYER: meta PACKAGE NAME: initscripts PACKAGE VERSION: 1.0 CVE: CVE-2008-3524 CVE STATUS: Patched CVE SUMMARY: rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a file or directory under (1) /var/lock or (2) /var/run. CVSS v2 BASE SCORE: 4.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3524 LAYER: meta PACKAGE NAME: initscripts PACKAGE VERSION: 1.0 CVE: CVE-2008-4832 CVE STATUS: Patched CVE SUMMARY: rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fix for CVE-2008-3524. NOTE: exploitation may require an unusual scenario in which rc.sysinit is executed other than at boot time. 
CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4832 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.11.1 CVE: CVE-2004-1001 CVE STATUS: Patched CVE SUMMARY: Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1001 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.11.1 CVE: CVE-2005-4890 CVE STATUS: Patched CVE SUMMARY: There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4890 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.11.1 CVE: CVE-2006-1174 CVE STATUS: Patched CVE SUMMARY: useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox. 
CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1174 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.11.1 CVE: CVE-2006-1844 CVE STATUS: Patched CVE SUMMARY: The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1844 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.11.1 CVE: CVE-2008-5394 CVE STATUS: Patched CVE SUMMARY: /bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5394 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.11.1 CVE: CVE-2011-0721 CVE STATUS: Patched CVE SUMMARY: Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field. 
CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0721 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.11.1 CVE: CVE-2013-4235 CVE STATUS: Ignored CVE SUMMARY: shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4235 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.11.1 CVE: CVE-2016-6252 CVE STATUS: Patched CVE SUMMARY: Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6252 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.11.1 CVE: CVE-2017-12424 CVE STATUS: Patched CVE SUMMARY: In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12424 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.11.1 CVE: CVE-2017-20002 CVE STATUS: Patched CVE SUMMARY: The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). 
This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-20002 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.11.1 CVE: CVE-2018-16588 CVE STATUS: Patched CVE SUMMARY: Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for SUSE Linux Enterprise 15 (SLE-15). Non-existing intermediate directories are created with mode 0777 during user creation. Given that they are world-writable, local attackers might use this for privilege escalation and other unspecified attacks. NOTE: this would affect non-SUSE users who took useradd.c code from a 2014-04-02 upstream pull request; however, no non-SUSE distribution is known to be affected. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16588 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.11.1 CVE: CVE-2018-7169 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7169 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.11.1 CVE: CVE-2019-16110 CVE STATUS: Patched CVE SUMMARY: The network protocol of Blade Shadow through 2.13.3 allows remote attackers to take control of a Shadow instance and execute arbitrary code by only knowing the victim's IP address, because packet data can be injected into the unencrypted UDP packet stream. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16110 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.11.1 CVE: CVE-2019-19882 CVE STATUS: Patched CVE SUMMARY: shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8). CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19882 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.11.1 CVE: CVE-2023-29383 CVE STATUS: Patched CVE SUMMARY: In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). 
Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29383 LAYER: meta PACKAGE NAME: shadow PACKAGE VERSION: 4.11.1 CVE: CVE-2023-4641 CVE STATUS: Patched CVE SUMMARY: A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4641 LAYER: meta-oe PACKAGE NAME: ltrace PACKAGE VERSION: 1_7.91+gitAUTOINC+c22d359433 CVE: CVE-2004-0172 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename. NOTE: It is unclear whether there are any packages that install ltrace as a setuid program, so this candidate might be REJECTed. 
CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0172 LAYER: meta PACKAGE NAME: cracklib PACKAGE VERSION: 2.9.8 CVE: CVE-1999-1140 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in CrackLib 2.5 may allow local users to gain root privileges via a long GECOS field. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-1140 LAYER: meta PACKAGE NAME: cracklib PACKAGE VERSION: 2.9.8 CVE: CVE-2016-6318 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6318 LAYER: meta PACKAGE NAME: ppp PACKAGE VERSION: 2.4.9 CVE: CVE-2008-5366 CVE STATUS: Patched CVE SUMMARY: The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-5366 LAYER: meta PACKAGE NAME: ppp PACKAGE VERSION: 2.4.9 CVE: CVE-2020-15704 CVE STATUS: Patched CVE SUMMARY: The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504. 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15704 LAYER: meta PACKAGE NAME: ppp PACKAGE VERSION: 2.4.9 CVE: CVE-2022-4603 CVE STATUS: Patched CVE SUMMARY: A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4603 LAYER: meta PACKAGE NAME: logrotate PACKAGE VERSION: 3.20.1 CVE: CVE-2011-1098 CVE STATUS: Patched CVE SUMMARY: Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1098 LAYER: meta PACKAGE NAME: logrotate PACKAGE VERSION: 3.20.1 CVE: CVE-2011-1154 CVE STATUS: Patched CVE SUMMARY: The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. 
CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1154 LAYER: meta PACKAGE NAME: logrotate PACKAGE VERSION: 3.20.1 CVE: CVE-2011-1155 CVE STATUS: Patched CVE SUMMARY: The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1155 LAYER: meta PACKAGE NAME: logrotate PACKAGE VERSION: 3.20.1 CVE: CVE-2011-1548 CVE STATUS: Ignored CVE SUMMARY: The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/. CVSS v2 BASE SCORE: 6.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1548 LAYER: meta PACKAGE NAME: logrotate PACKAGE VERSION: 3.20.1 CVE: CVE-2011-1549 CVE STATUS: Ignored CVE SUMMARY: The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages. 
CVSS v2 BASE SCORE: 6.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1549 LAYER: meta PACKAGE NAME: logrotate PACKAGE VERSION: 3.20.1 CVE: CVE-2011-1550 CVE STATUS: Ignored CVE SUMMARY: The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages. CVSS v2 BASE SCORE: 6.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1550 LAYER: meta PACKAGE NAME: logrotate PACKAGE VERSION: 3.20.1 CVE: CVE-2022-1348 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1348 LAYER: meta PACKAGE NAME: acl PACKAGE VERSION: 2.3.1 CVE: CVE-2009-4411 CVE STATUS: Patched CVE SUMMARY: The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack. 
CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4411 LAYER: meta PACKAGE NAME: libpcap PACKAGE VERSION: 1.10.1 CVE: CVE-2011-1935 CVE STATUS: Patched CVE SUMMARY: pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1935 LAYER: meta PACKAGE NAME: libpcap PACKAGE VERSION: 1.10.1 CVE: CVE-2019-15161 CVE STATUS: Patched CVE SUMMARY: rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15161 LAYER: meta PACKAGE NAME: libpcap PACKAGE VERSION: 1.10.1 CVE: CVE-2019-15162 CVE STATUS: Patched CVE SUMMARY: rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15162 LAYER: meta PACKAGE NAME: libpcap PACKAGE VERSION: 1.10.1 CVE: CVE-2019-15163 CVE STATUS: Patched CVE SUMMARY: rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15163 LAYER: meta PACKAGE NAME: libpcap PACKAGE VERSION: 1.10.1 CVE: CVE-2019-15164 CVE STATUS: Patched CVE SUMMARY: rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15164 LAYER: meta PACKAGE NAME: libpcap PACKAGE VERSION: 1.10.1 CVE: CVE-2019-15165 CVE STATUS: Patched CVE SUMMARY: sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15165 LAYER: meta PACKAGE NAME: iptables PACKAGE VERSION: 1.8.7 CVE: CVE-2001-1387 CVE STATUS: Patched CVE SUMMARY: iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1387 LAYER: meta PACKAGE NAME: iptables PACKAGE VERSION: 1.8.7 CVE: CVE-2001-1388 CVE STATUS: Patched CVE SUMMARY: iptables before 1.2.4 does not accurately convert rate limits that are specified on the command line, which could allow attackers or users to generate more or less traffic than intended by the administrator. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1388 LAYER: meta PACKAGE NAME: iptables PACKAGE VERSION: 1.8.7 CVE: CVE-2012-2663 CVE STATUS: Patched CVE SUMMARY: extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this issue less relevant. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2663 LAYER: meta PACKAGE NAME: iptables PACKAGE VERSION: 1.8.7 CVE: CVE-2019-11360 CVE STATUS: Patched CVE SUMMARY: A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 4.2 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11360 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2002-0759 CVE STATUS: Patched CVE SUMMARY: bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0759 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2002-0760 CVE STATUS: Patched CVE SUMMARY: Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed. CVSS v2 BASE SCORE: 1.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0760 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2002-0761 CVE STATUS: Patched CVE SUMMARY: bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0761 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2005-0953 CVE STATUS: Patched CVE SUMMARY: Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0953 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2005-1260 CVE STATUS: Patched CVE SUMMARY: bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1260 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2008-1372 CVE STATUS: Patched CVE SUMMARY: bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1372 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2010-0405 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0405 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2011-4089 CVE STATUS: Patched CVE SUMMARY: The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4089 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2016-3189 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3189 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2019-12900 CVE STATUS: Patched CVE SUMMARY: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12900 LAYER: meta PACKAGE NAME: bzip2 PACKAGE VERSION: 1.0.8 CVE: CVE-2023-22895 CVE STATUS: Patched CVE SUMMARY: The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-22895 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.9.4 CVE: CVE-2013-4242 CVE STATUS: Patched CVE SUMMARY: GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4242 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.9.4 CVE: CVE-2014-3591 CVE STATUS: Patched CVE SUMMARY: Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication. 
CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 4.2 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3591 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.9.4 CVE: CVE-2014-5270 CVE STATUS: Patched CVE SUMMARY: Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5270 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.9.4 CVE: CVE-2015-0837 CVE STATUS: Patched CVE SUMMARY: The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack." CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0837 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.9.4 CVE: CVE-2015-7511 CVE STATUS: Patched CVE SUMMARY: Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations. 
CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 2.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7511 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.9.4 CVE: CVE-2016-6313 CVE STATUS: Patched CVE SUMMARY: The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6313 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.9.4 CVE: CVE-2017-0379 CVE STATUS: Patched CVE SUMMARY: Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-0379 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.9.4 CVE: CVE-2017-7526 CVE STATUS: Patched CVE SUMMARY: libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7526 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.9.4 CVE: CVE-2017-9526 CVE STATUS: Patched CVE SUMMARY: In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 
1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9526 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.9.4 CVE: CVE-2018-0495 CVE STATUS: Patched CVE SUMMARY: Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-0495 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.9.4 CVE: CVE-2018-6829 CVE STATUS: Patched CVE SUMMARY: cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6829 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.9.4 CVE: CVE-2019-12904 CVE STATUS: Patched CVE SUMMARY: In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) 
NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attack CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12904 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.9.4 CVE: CVE-2021-3345 CVE STATUS: Patched CVE SUMMARY: _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3345 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.9.4 CVE: CVE-2021-33560 CVE STATUS: Patched CVE SUMMARY: Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33560 LAYER: meta PACKAGE NAME: libgcrypt PACKAGE VERSION: 1.9.4 CVE: CVE-2021-40528 CVE STATUS: Patched CVE SUMMARY: The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. 
CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-40528 LAYER: meta PACKAGE NAME: tcl PACKAGE VERSION: 8.6.11 CVE: CVE-2021-35331 CVE STATUS: Ignored CVE SUMMARY: In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-35331 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-1999-0958 CVE STATUS: Patched CVE SUMMARY: sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-0958 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-1999-1496 CVE STATUS: Patched CVE SUMMARY: Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-1496 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2002-0043 CVE STATUS: Patched CVE SUMMARY: sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked. 
CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0043 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2002-0184 CVE STATUS: Patched CVE SUMMARY: Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0184 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2004-1051 CVE STATUS: Patched CVE SUMMARY: sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1051 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2004-1689 CVE STATUS: Patched CVE SUMMARY: sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1689 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2005-1119 CVE STATUS: Patched CVE SUMMARY: Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files. 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1119 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2005-1831 CVE STATUS: Patched CVE SUMMARY: Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1831 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2005-1993 CVE STATUS: Patched CVE SUMMARY: Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1993 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2005-2959 CVE STATUS: Patched CVE SUMMARY: Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are. 
CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2959 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2005-4158 CVE STATUS: Patched CVE SUMMARY: Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4158 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2005-4890 CVE STATUS: Patched CVE SUMMARY: There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4890 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2006-0151 CVE STATUS: Patched CVE SUMMARY: sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-0151 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2007-3149 CVE STATUS: Patched CVE SUMMARY: sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. 
NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo." CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3149 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2007-4305 CVE STATUS: Patched CVE SUMMARY: Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing. CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-4305 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2009-0034 CVE STATUS: Patched CVE SUMMARY: parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-0034 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2010-0426 CVE STATUS: Patched CVE SUMMARY: sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. 
CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0426 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2010-0427 CVE STATUS: Patched CVE SUMMARY: sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0427 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2010-1163 CVE STATUS: Patched CVE SUMMARY: The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1163 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2010-1646 CVE STATUS: Patched CVE SUMMARY: The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. 
CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-1646 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2010-2956 CVE STATUS: Patched CVE SUMMARY: Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence. CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2956 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2011-0008 CVE STATUS: Patched CVE SUMMARY: A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0008 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2011-0010 CVE STATUS: Patched CVE SUMMARY: check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command. 
CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0010 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2012-0809 CVE STATUS: Patched CVE SUMMARY: Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0809 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2012-2337 CVE STATUS: Patched CVE SUMMARY: sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2337 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2012-3440 CVE STATUS: Patched CVE SUMMARY: A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. CVSS v2 BASE SCORE: 5.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3440 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2013-1775 CVE STATUS: Patched CVE SUMMARY: sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. 
CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1775 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2013-1776 CVE STATUS: Patched CVE SUMMARY: sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1776 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2013-2776 CVE STATUS: Patched CVE SUMMARY: sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. 
CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2776 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2013-2777 CVE STATUS: Patched CVE SUMMARY: sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2777 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2014-0106 CVE STATUS: Patched CVE SUMMARY: Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable. CVSS v2 BASE SCORE: 6.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0106 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2014-9680 CVE STATUS: Patched CVE SUMMARY: sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9680 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2015-5602 CVE STATUS: Patched CVE SUMMARY: sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt." CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5602 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2015-8239 CVE STATUS: Patched CVE SUMMARY: The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8239 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2016-7032 CVE STATUS: Patched CVE SUMMARY: sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7032 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2016-7076 CVE STATUS: Patched CVE SUMMARY: sudo before version 1.8.18p1 is vulnerable to a bypass of the sudo noexec restriction if an application run via sudo executes the wordexp() C library function with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.
CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7076 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2017-1000367 CVE STATUS: Patched CVE SUMMARY: Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 6.4 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000367 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2017-1000368 CVE STATUS: Patched CVE SUMMARY: Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 8.2 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000368 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2019-14287 CVE STATUS: Patched CVE SUMMARY: In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. CVSS v2 BASE SCORE: 9.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14287 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2019-18634 CVE STATUS: Patched CVE SUMMARY: In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. 
(pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18634 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2019-18684 CVE STATUS: Patched CVE SUMMARY: Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password. NOTE: This has been disputed due to the way Linux /proc works. It has been argued that writing to /proc/#####/fd/3 would only be viable if you had permission to write to /etc/sudoers. Even with write permission to /proc/#####/fd/3, it would not help you write to /etc/sudoers. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18684 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2019-19232 CVE STATUS: Patched CVE SUMMARY: In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled.
However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19232 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2019-19234 CVE STATUS: Patched CVE SUMMARY: In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user; the user may still be able to log in via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells, but that is not the same thing as preventing access to users with an invalid password hash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19234 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2021-23239 CVE STATUS: Patched CVE SUMMARY: The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 2.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-23239 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2021-23240 CVE STATUS: Patched CVE SUMMARY: selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-23240 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2021-3156 CVE STATUS: Patched CVE SUMMARY: Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3156 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2022-43995 CVE STATUS: Patched CVE SUMMARY: Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.1 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-43995 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2023-22809 CVE STATUS: Patched CVE SUMMARY: In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-22809 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2023-27320 CVE STATUS: Patched CVE SUMMARY: Sudo before 1.9.13p2 has a double free in the per-command chroot feature. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.2 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-27320 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2023-28486 CVE STATUS: Patched CVE SUMMARY: Sudo before 1.9.13 does not escape control characters in log messages. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28486 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2023-28487 CVE STATUS: Patched CVE SUMMARY: Sudo before 1.9.13 does not escape control characters in sudoreplay output. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28487 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2023-42456 CVE STATUS: Patched CVE SUMMARY: Sudo-rs, a memory safe implementation of sudo and su, does not require users to authenticate at every sudo attempt, but instead requires authentication only every once in a while in each terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting this functionality is a set of session files (timestamps) for each user, stored in `/var/run/sudo-rs/ts`. These files are named according to the username from which the sudo attempt is made (the origin user). An issue was discovered in versions prior to 0.2.1 where usernames containing the `.` and `/` characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For example, we could add a user to the system with the username `../../../../bin/cp`. When logged in as a user with that name, that user could run `sudo -K` to clear their session record file. The session code then constructs the path to the session file by concatenating the username to the session file storage directory, resulting in a resolved path of `/bin/cp`. The code then clears that file, resulting in the `cp` binary effectively being removed from the system. An attacker needs to be able to login as a user with a constructed username. Given that such a username is unlikely to exist on an existing system, they will also need to be able to create the users with the constructed usernames. The issue is patched in version 0.2.1 of sudo-rs. Sudo-rs now uses the uid for the user instead of their username for determining the filename.
Note that an upgrade to this version will result in existing session files being ignored and users will be forced to re-authenticate. It also fully eliminates any possibility of path traversal, given that uids are always integer values. The `sudo -K` and `sudo -k` commands can run, even if a user has no sudo access. As a workaround, make sure that one's system does not contain any users with a specially crafted username. While this is the case and while untrusted users do not have the ability to create arbitrary users on the system, one should not be able to exploit this issue. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-42456 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2023-42465 CVE STATUS: Patched CVE SUMMARY: Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-42465 LAYER: meta PACKAGE NAME: sudo PACKAGE VERSION: 1.9.15p2 CVE: CVE-2023-7090 CVE STATUS: Patched CVE SUMMARY: A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-7090 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.2.11 CVE: CVE-2002-0059 CVE STATUS: Patched CVE SUMMARY: The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0059 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.2.11 CVE: CVE-2003-0107 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0107 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.2.11 CVE: CVE-2004-0797 CVE STATUS: Patched CVE SUMMARY: The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash). CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0797 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.2.11 CVE: CVE-2005-1849 CVE STATUS: Patched CVE SUMMARY: inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1849 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.2.11 CVE: CVE-2005-2096 CVE STATUS: Patched CVE SUMMARY: zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2096 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.2.11 CVE: CVE-2016-9840 CVE STATUS: Patched CVE SUMMARY: inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9840 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.2.11 CVE: CVE-2016-9841 CVE STATUS: Patched CVE SUMMARY: inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9841 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.2.11 CVE: CVE-2016-9842 CVE STATUS: Patched CVE SUMMARY: The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9842 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.2.11 CVE: CVE-2016-9843 CVE STATUS: Patched CVE SUMMARY: The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9843 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.2.11 CVE: CVE-2018-25032 CVE STATUS: Patched CVE SUMMARY: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25032 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.2.11 CVE: CVE-2022-37434 CVE STATUS: Patched CVE SUMMARY: zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-37434 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.2.11 CVE: CVE-2023-45853 CVE STATUS: Patched CVE SUMMARY: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-45853 LAYER: meta PACKAGE NAME: zlib PACKAGE VERSION: 1.2.11 CVE: CVE-2023-6992 CVE STATUS: Unpatched CVE SUMMARY: Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-6992 LAYER: meta PACKAGE NAME: libtirpc PACKAGE VERSION: 1.3.2 CVE: CVE-2013-1950 CVE STATUS: Patched CVE SUMMARY: The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1950 LAYER: meta PACKAGE NAME: libtirpc PACKAGE VERSION: 1.3.2 CVE: CVE-2017-8779 CVE STATUS: Patched CVE SUMMARY: rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb. 
CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8779 LAYER: meta PACKAGE NAME: libtirpc PACKAGE VERSION: 1.3.2 CVE: CVE-2018-14621 CVE STATUS: Patched CVE SUMMARY: An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14621 LAYER: meta PACKAGE NAME: libtirpc PACKAGE VERSION: 1.3.2 CVE: CVE-2018-14622 CVE STATUS: Patched CVE SUMMARY: A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14622 LAYER: meta PACKAGE NAME: libtirpc PACKAGE VERSION: 1.3.2 CVE: CVE-2021-46828 CVE STATUS: Patched CVE SUMMARY: In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46828 LAYER: new-recipes PACKAGE NAME: myodbc PACKAGE VERSION: 3.1.1 CVE: CVE-2006-6948 CVE STATUS: Patched CVE SUMMARY: MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allows remote attackers to cause a denial of service via a certain string in a response, which has unspecified impact on the MySQL database. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-6948 LAYER: meta PACKAGE NAME: grub PACKAGE VERSION: 2.06 CVE: CVE-2015-8370 CVE STATUS: Patched CVE SUMMARY: Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8370 LAYER: meta PACKAGE NAME: grub PACKAGE VERSION: 2.06 CVE: CVE-2019-14865 CVE STATUS: Ignored CVE SUMMARY: A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure (for example by setting RLIMIT), causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 5.9 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-14865 LAYER: meta PACKAGE NAME: grub PACKAGE VERSION: 2.06 CVE: CVE-2020-10713 CVE STATUS: Patched CVE SUMMARY: A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. 
This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 8.2 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10713 LAYER: meta PACKAGE NAME: grub PACKAGE VERSION: 2.06 CVE: CVE-2020-14308 CVE STATUS: Patched CVE SUMMARY: In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 6.4 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14308 LAYER: meta PACKAGE NAME: grub PACKAGE VERSION: 2.06 CVE: CVE-2020-14309 CVE STATUS: Patched CVE SUMMARY: There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. 
CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 6.7 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14309 LAYER: meta PACKAGE NAME: grub PACKAGE VERSION: 2.06 CVE: CVE-2020-14310 CVE STATUS: Patched CVE SUMMARY: There is an issue in grub2 before version 2.06 in the function read_section_as_string(). It expects a font name to be at most UINT32_MAX - 1 bytes long but does not verify this before proceeding with the buffer allocation used to read the value from the font file. An attacker may leverage that by crafting a malicious font file whose name has length UINT32_MAX, leading read_section_as_string() into an arithmetic overflow, a zero-sized allocation and a further heap-based buffer overflow. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 6.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14310 LAYER: meta PACKAGE NAME: grub PACKAGE VERSION: 2.06 CVE: CVE-2020-14311 CVE STATUS: Patched CVE SUMMARY: There is an issue with grub2 before version 2.06 while handling symlinks on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with a subsequent heap-based buffer overflow. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 6.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14311 LAYER: meta PACKAGE NAME: grub PACKAGE VERSION: 2.06 CVE: CVE-2020-14372 CVE STATUS: Patched CVE SUMMARY: A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code.
The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.
CVSS v2 BASE SCORE: 6.2
CVSS v3 BASE SCORE: 7.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14372

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2020-15705
CVE STATUS: Patched
CVE SUMMARY: GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 6.4
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15705

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2020-15706
CVE STATUS: Patched
CVE SUMMARY: GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 6.4
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15706

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2020-15707
CVE STATUS: Patched
CVE SUMMARY: Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 6.4
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15707

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2020-25632
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded, leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 8.2
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25632

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2020-25647
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking, and the code assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution, allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 7.6
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25647

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2020-27749
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in grub2 in versions prior to 2.06. Variable names present in the supplied command line are expanded into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution, which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 6.7
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27749

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2020-27779
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking, allowing a privileged attacker to remove address ranges from memory, creating an opportunity to circumvent SecureBoot protections after proper triage of grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS v2 BASE SCORE: 6.9
CVSS v3 BASE SCORE: 7.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27779

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2021-20225
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 6.7
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20225

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2021-20233
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters, which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 8.2
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20233

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2021-3418
CVE STATUS: Patched
CVE SUMMARY: If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered with. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 6.4
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3418

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2021-3695
CVE STATUS: Patched
CVE SUMMARY: A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited, as an attacker needs to perform some triage over the heap layout to achieve significant results; also, the values written into the memory are repeated three times in a row, making it difficult to produce valid payloads. This flaw affects grub2 versions prior to grub-2.12.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 4.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3695

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2021-3696
CVE STATUS: Patched
CVE SUMMARY: A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may be considered Low, as it is very complex for an attacker to control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.
CVSS v2 BASE SCORE: 6.9
CVSS v3 BASE SCORE: 4.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3696

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2021-3697
CVE STATUS: Patched
CVE SUMMARY: A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written to the heap. For a successful attack to be performed, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 7.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3697

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2021-3981
CVE STATUS: Patched
CVE SUMMARY: A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set, allowing non-privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 3.3
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3981

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2021-46705
CVE STATUS: Ignored
CVE SUMMARY: An Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 4.4
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46705

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2022-2601
CVE STATUS: Patched
CVE SUMMARY: A buffer overflow was found in grub_font_construct_glyph(). A maliciously crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph; this further leads to a buffer overflow and a heap-based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.6
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2601

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2022-28733
CVE STATUS: Patched
CVE SUMMARY: Integer underflow in grub_net_recv_ip4_packets; A maliciously crafted IP packet can lead to an integer underflow in the grub_net_recv_ip4_packets() function on the rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such a way, subsequent operations can write past the end of the buffer.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.1
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-28733

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2022-28734
CVE STATUS: Patched
CVE SUMMARY: Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer pointer by one position. This can lead to an out-of-bounds write further on when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker-controlled set of packets can lead to corruption of GRUB2's internal memory metadata.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-28734

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2022-28735
CVE STATUS: Patched
CVE SUMMARY: GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules being loaded in GRUB2, breaking the secure boot trust chain.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-28735

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2022-28736
CVE STATUS: Patched
CVE SUMMARY: There's a use-after-free vulnerability in the grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that don't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once, a use-after-free vulnerability is triggered. If an attacker can control GRUB2's memory allocation pattern, sensitive data may be exposed and arbitrary code execution can be achieved.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-28736

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2022-3775
CVE STATUS: Patched
CVE SUMMARY: When rendering certain unicode sequences, grub2's font code doesn't properly validate that the informed glyph's width and height are constrained within the bitmap size. As a consequence an attacker can craft an input which will lead to an out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.1
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3775

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2023-4001
CVE STATUS: Unpatched
CVE SUMMARY: An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.8
VECTOR: PHYSICAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4001

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2023-4692
CVE STATUS: Patched
CVE SUMMARY: An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4692

LAYER: meta
PACKAGE NAME: grub
PACKAGE VERSION: 2.06
CVE: CVE-2023-4693
CVE STATUS: Patched
CVE SUMMARY: An out-of-bounds read flaw was found in grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 4.6
VECTOR: PHYSICAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4693

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2013-0178
CVE STATUS: Patched
CVE SUMMARY: Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm.
CVSS v2 BASE SCORE: 3.6
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0178

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2013-0180
CVE STATUS: Patched
CVE SUMMARY: Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds.
CVSS v2 BASE SCORE: 3.6
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0180

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2013-7458
CVE STATUS: Patched
CVE SUMMARY: linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 3.3
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7458

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2015-4335
CVE STATUS: Patched
CVE SUMMARY: Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4335

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2015-8080
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8080

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2016-10517
CVE STATUS: Patched
CVE SUMMARY: networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 7.4
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10517

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2016-8339
CVE STATUS: Patched
CVE SUMMARY: A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out-of-bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out-of-bounds write potentially resulting in code execution.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 6.6
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8339

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2017-15047
CVE STATUS: Patched
CVE SUMMARY: The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine."
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15047

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2018-11218
CVE STATUS: Patched
CVE SUMMARY: Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11218

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2018-11219
CVE STATUS: Patched
CVE SUMMARY: An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11219

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2018-12326
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 8.4
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12326

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2018-12453
CVE STATUS: Patched
CVE SUMMARY: Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-12453

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2019-10192
CVE STATUS: Patched
CVE SUMMARY: A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis' interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.
CVSS v2 BASE SCORE: 6.5
CVSS v3 BASE SCORE: 7.2
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10192

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2019-10193
CVE STATUS: Patched
CVE SUMMARY: A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.
CVSS v2 BASE SCORE: 6.5
CVSS v3 BASE SCORE: 7.2
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-10193

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2019-3800
CVE STATUS: Patched
CVE SUMMARY: CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with the --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3800

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2020-14147
CVE STATUS: Patched
CVE SUMMARY: An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 7.7
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14147

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2020-21468
CVE STATUS: Patched
CVE SUMMARY: A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-21468

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2021-21309
CVE STATUS: Patched
CVE SUMMARY: Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result in remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB, which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result in buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use the “CONFIG SET proto-max-bulk-len” to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is back ported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: Using Redis 6.0 or newer, ACL configuration can be used to block the command. Using older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways.
CVSS v2 BASE SCORE: 6.5
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-21309

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2021-29469
CVE STATUS: Patched
CVE SUMMARY: Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex being used to detect monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched in version 3.1.1.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-29469

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2021-29477
CVE STATUS: Patched
CVE SUMMARY: Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result in remote code execution. The problem is fixed in versions 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command.
CVSS v2 BASE SCORE: 6.5
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-29477

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2021-29478
CVE STATUS: Patched
CVE SUMMARY: Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result in remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command.
CVSS v2 BASE SCORE: 6.0
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-29478

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2021-31294
CVE STATUS: Patched
CVE SUMMARY: Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-31294

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2021-32625
CVE STATUS: Patched
CVE SUMMARY: Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code execution. This is a result of an incomplete fix for CVE-2021-29477. The problem is fixed in versions 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command. On 64-bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB).
CVSS v2 BASE SCORE: 6.5
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32625

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2021-32626
CVE STATUS: Patched
CVE SUMMARY: Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result in heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update, an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
CVSS v2 BASE SCORE: 6.5
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32626

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2021-32627
CVE STATUS: Patched
CVE SUMMARY: Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result in remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very large values and constructing specially crafted very large stream elements. The problem is fixed in Redis 6.2.6, 6.0.16 and 5.0.14. For users unable to upgrade, an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.
CVSS v2 BASE SCORE: 6.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32627

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2021-32628
CVE STATUS: Patched
CVE SUMMARY: Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result in remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.
CVSS v2 BASE SCORE: 6.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32628

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2021-32672
CVE STATUS: Patched
CVE SUMMARY: Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 4.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32672

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2021-32675
CVE STATUS: Patched
CVE SUMMARY: Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and the size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate a significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32675

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2021-32687
CVE STATUS: Patched
CVE SUMMARY: Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.
CVSS v2 BASE SCORE: 6.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32687

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2021-32761
CVE STATUS: Patched
CVE SUMMARY: Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` commands are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.13, 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.
CVSS v2 BASE SCORE: 6.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32761

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2021-32762
CVE STATUS: Patched
CVE SUMMARY: Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14.
CVSS v2 BASE SCORE: 9.0
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-32762

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2021-3470
CVE STATUS: Patched
CVE SUMMARY: A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out-of-bounds write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3470

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2021-41099
CVE STATUS: Patched
CVE SUMMARY: Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result in denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.
CVSS v2 BASE SCORE: 6.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-41099

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2022-0543
CVE STATUS: Unpatched
CVE SUMMARY: It was discovered that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 10.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0543

LAYER: meta-oe
PACKAGE NAME: redis
PACKAGE VERSION: 7.0.13
CVE: CVE-2022-24735
CVE STATUS: Patched
CVE SUMMARY: Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or a different, script at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to the `SCRIPT LOAD` and `EVAL` commands using ACL rules.
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24735 LAYER: meta-oe PACKAGE NAME: redis PACKAGE VERSION: 7.0.13 CVE: CVE-2022-24736 CVE STATUS: Patched CVE SUMMARY: Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24736 LAYER: meta-oe PACKAGE NAME: redis PACKAGE VERSION: 7.0.13 CVE: CVE-2022-24834 CVE STATUS: Patched CVE SUMMARY: Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24834 LAYER: meta-oe PACKAGE NAME: redis PACKAGE VERSION: 7.0.13 CVE: CVE-2022-31144 CVE STATUS: Patched CVE SUMMARY: Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-31144 LAYER: meta-oe PACKAGE NAME: redis PACKAGE VERSION: 7.0.13 CVE: CVE-2022-33105 CVE STATUS: Patched CVE SUMMARY: Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-33105 LAYER: meta-oe PACKAGE NAME: redis PACKAGE VERSION: 7.0.13 CVE: CVE-2022-35951 CVE STATUS: Patched CVE SUMMARY: Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-35951 LAYER: meta-oe PACKAGE NAME: redis PACKAGE VERSION: 7.0.13 CVE: CVE-2022-35977 CVE STATUS: Patched CVE SUMMARY: Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-35977 LAYER: meta-oe PACKAGE NAME: redis PACKAGE VERSION: 7.0.13 CVE: CVE-2022-36021 CVE STATUS: Patched CVE SUMMARY: Redis is an in-memory database that persists on disk. 
Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-36021 LAYER: meta-oe PACKAGE NAME: redis PACKAGE VERSION: 7.0.13 CVE: CVE-2022-3647 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability, which was classified as problematic, was found in Redis. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. NOTE: The vendor claims that this is not a DoS because it applies to the crash logging mechanism which is triggered after a crash has occurred. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3647 LAYER: meta-oe PACKAGE NAME: redis PACKAGE VERSION: 7.0.13 CVE: CVE-2022-3734 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-212416. NOTE: The official Redis release is not affected. This issue might affect an unofficial fork or port on Windows only. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-3734 LAYER: meta-oe PACKAGE NAME: redis PACKAGE VERSION: 7.0.13 CVE: CVE-2023-22458 CVE STATUS: Patched CVE SUMMARY: Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-22458 LAYER: meta-oe PACKAGE NAME: redis PACKAGE VERSION: 7.0.13 CVE: CVE-2023-25155 CVE STATUS: Patched CVE SUMMARY: Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25155 LAYER: meta-oe PACKAGE NAME: redis PACKAGE VERSION: 7.0.13 CVE: CVE-2023-28425 CVE STATUS: Patched CVE SUMMARY: Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28425 LAYER: meta-oe PACKAGE NAME: redis PACKAGE VERSION: 7.0.13 CVE: CVE-2023-28856 CVE STATUS: Patched CVE SUMMARY: Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28856 LAYER: meta-oe PACKAGE NAME: redis PACKAGE VERSION: 7.0.13 CVE: CVE-2023-31655 CVE STATUS: Patched CVE SUMMARY: redis-7.0.10 was discovered to contain a segmentation violation. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-31655 LAYER: meta-oe PACKAGE NAME: redis PACKAGE VERSION: 7.0.13 CVE: CVE-2023-36824 CVE STATUS: Patched CVE SUMMARY: Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-36824 LAYER: meta-oe PACKAGE NAME: redis PACKAGE VERSION: 7.0.13 CVE: CVE-2023-41053 CVE STATUS: Patched CVE SUMMARY: Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.3 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-41053 LAYER: meta-oe PACKAGE NAME: redis PACKAGE VERSION: 7.0.13 CVE: CVE-2023-41056 CVE STATUS: Unpatched CVE SUMMARY: Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-41056 LAYER: meta-oe PACKAGE NAME: redis PACKAGE VERSION: 7.0.13 CVE: CVE-2023-45145 CVE STATUS: Unpatched CVE SUMMARY: Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. 
For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 3.6 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-45145 LAYER: meta-oe PACKAGE NAME: jansson PACKAGE VERSION: 2.13.1 CVE: CVE-2013-6401 CVE STATUS: Patched CVE SUMMARY: Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6401 LAYER: meta-oe PACKAGE NAME: jansson PACKAGE VERSION: 2.13.1 CVE: CVE-2016-4425 CVE STATUS: Patched CVE SUMMARY: Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4425 LAYER: meta-oe PACKAGE NAME: jansson PACKAGE VERSION: 2.13.1 CVE: CVE-2020-36325 CVE STATUS: Ignored CVE SUMMARY: An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. 
NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36325 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2009-3560 CVE STATUS: Patched CVE SUMMARY: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3560 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2009-3720 CVE STATUS: Patched CVE SUMMARY: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3720 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2012-0876 CVE STATUS: Patched CVE SUMMARY: The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0876 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2012-1147 CVE STATUS: Patched CVE SUMMARY: readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1147 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2012-1148 CVE STATUS: Patched CVE SUMMARY: Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1148 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2012-6702 CVE STATUS: Patched CVE SUMMARY: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6702 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2013-0340 CVE STATUS: Patched CVE SUMMARY: expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. 
NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0340 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2015-1283 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1283 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2016-0718 CVE STATUS: Patched CVE SUMMARY: Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0718 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2016-4472 CVE STATUS: Patched CVE SUMMARY: The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4472 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2016-5300 CVE STATUS: Patched CVE SUMMARY: The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5300 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2017-11742 CVE STATUS: Patched CVE SUMMARY: The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11742 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2017-9233 CVE STATUS: Patched CVE SUMMARY: XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9233 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2018-20843 CVE STATUS: Patched CVE SUMMARY: In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). 
CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20843 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2019-15903 CVE STATUS: Patched CVE SUMMARY: In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15903 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2021-45960 CVE STATUS: Patched CVE SUMMARY: In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). CVSS v2 BASE SCORE: 9.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45960 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2021-46143 CVE STATUS: Patched CVE SUMMARY: In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46143 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2022-22822 CVE STATUS: Patched CVE SUMMARY: addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22822 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2022-22823 CVE STATUS: Patched CVE SUMMARY: build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22823 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2022-22824 CVE STATUS: Patched CVE SUMMARY: defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22824 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2022-22825 CVE STATUS: Patched CVE SUMMARY: lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22825 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2022-22826 CVE STATUS: Patched CVE SUMMARY: nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22826 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2022-22827 CVE STATUS: Patched CVE SUMMARY: storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-22827 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2022-23852 CVE STATUS: Patched CVE SUMMARY: Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23852 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2022-23990 CVE STATUS: Patched CVE SUMMARY: Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23990 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2022-25235 CVE STATUS: Patched CVE SUMMARY: xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25235 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2022-25236 CVE STATUS: Patched CVE SUMMARY: xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25236 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2022-25313 CVE STATUS: Patched CVE SUMMARY: In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25313 LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2022-25314 CVE STATUS: Patched CVE SUMMARY: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25314
LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2022-25315 CVE STATUS: Patched CVE SUMMARY: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-25315
LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2022-40674 CVE STATUS: Patched CVE SUMMARY: libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40674
LAYER: meta PACKAGE NAME: expat PACKAGE VERSION: 2.5.0 CVE: CVE-2022-43680 CVE STATUS: Patched CVE SUMMARY: In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-43680
LAYER: new-recipes PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 1.26.18 CVE: CVE-2016-9015 CVE STATUS: Patched CVE SUMMARY: Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9015
LAYER: new-recipes PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 1.26.18 CVE: CVE-2018-20060 CVE STATUS: Patched CVE SUMMARY: urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20060
LAYER: new-recipes PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 1.26.18 CVE: CVE-2018-25091 CVE STATUS: Patched CVE SUMMARY: urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25091
LAYER: new-recipes PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 1.26.18 CVE: CVE-2019-11236 CVE STATUS: Patched CVE SUMMARY: In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11236
LAYER: new-recipes PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 1.26.18 CVE: CVE-2019-11324 CVE STATUS: Patched CVE SUMMARY: The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11324
LAYER: new-recipes PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 1.26.18 CVE: CVE-2020-26137 CVE STATUS: Patched CVE SUMMARY: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-26137
LAYER: new-recipes PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 1.26.18 CVE: CVE-2020-7212 CVE STATUS: Patched CVE SUMMARY: The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length N, the size of percent_encodings may be up to O(N). The next step (normalize existing percent-encoded bytes) also takes up to O(N) for each step, so the total time is O(N^2). If percent_encodings were deduplicated, the time to compute _encode_invalid_chars would be O(kN), where k is at most 484 ((10+6*2)^2). CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7212
LAYER: new-recipes PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 1.26.18 CVE: CVE-2021-28363 CVE STATUS: Patched CVE SUMMARY: The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28363
LAYER: new-recipes PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 1.26.18 CVE: CVE-2021-33503 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33503
LAYER: new-recipes PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 1.26.18 CVE: CVE-2023-43804 CVE STATUS: Patched CVE SUMMARY: urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-43804
LAYER: new-recipes PACKAGE NAME: python3-urllib3 PACKAGE VERSION: 1.26.18 CVE: CVE-2023-45803 CVE STATUS: Patched CVE SUMMARY: urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 4.2 VECTOR: ADJACENT_NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-45803
LAYER: meta PACKAGE NAME: xinetd PACKAGE VERSION: 2.3.15.4 CVE: CVE-2000-0536 CVE STATUS: Patched CVE SUMMARY: xinetd 2.1.8.x does not properly restrict connections if hostnames are used for access control and the connecting host does not have a reverse DNS entry. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0536
LAYER: meta PACKAGE NAME: xinetd PACKAGE VERSION: 2.3.15.4 CVE: CVE-2001-0825 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-0825
LAYER: meta PACKAGE NAME: xinetd PACKAGE VERSION: 2.3.15.4 CVE: CVE-2001-1322 CVE STATUS: Patched CVE SUMMARY: xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask. CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1322
LAYER: meta PACKAGE NAME: xinetd PACKAGE VERSION: 2.3.15.4 CVE: CVE-2001-1389 CVE STATUS: Patched CVE SUMMARY: Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1389
LAYER: meta PACKAGE NAME: xinetd PACKAGE VERSION: 2.3.15.4 CVE: CVE-2002-0871 CVE STATUS: Patched CVE SUMMARY: xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0871
LAYER: meta PACKAGE NAME: xinetd PACKAGE VERSION: 2.3.15.4 CVE: CVE-2003-0211 CVE STATUS: Patched CVE SUMMARY: Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0211
LAYER: meta PACKAGE NAME: xinetd PACKAGE VERSION: 2.3.15.4 CVE: CVE-2012-0862 CVE STATUS: Patched CVE SUMMARY: builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0862
LAYER: meta PACKAGE NAME: xinetd PACKAGE VERSION: 2.3.15.4 CVE: CVE-2013-4342 CVE STATUS: Ignored CVE SUMMARY: xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service. CVSS v2 BASE SCORE: 7.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4342
LAYER: meta PACKAGE NAME: zstd PACKAGE VERSION: 1.5.2 CVE: CVE-2019-11922 CVE STATUS: Patched CVE SUMMARY: A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11922
LAYER: meta PACKAGE NAME: zstd PACKAGE VERSION: 1.5.2 CVE: CVE-2021-24031 CVE STATUS: Patched CVE SUMMARY: In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-24031
LAYER: meta PACKAGE NAME: zstd PACKAGE VERSION: 1.5.2 CVE: CVE-2021-24032 CVE STATUS: Patched CVE SUMMARY: Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-24032
LAYER: meta PACKAGE NAME: zstd PACKAGE VERSION: 1.5.2 CVE: CVE-2022-4899 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-4899
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2004-2531 CVE STATUS: Patched CVE SUMMARY: X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-2531
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2005-1431 CVE STATUS: Patched CVE SUMMARY: The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1431
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2006-4790 CVE STATUS: Patched CVE SUMMARY: verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4790
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2006-7239 CVE STATUS: Patched CVE SUMMARY: The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-7239
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2008-1948 CVE STATUS: Patched CVE SUMMARY: The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1948
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2008-1949 CVE STATUS: Patched CVE SUMMARY: The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1949
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2008-1950 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encrypted Client Hello message within a TLS record with an invalid Record Length, which leads to an invalid cipher padding length, aka GNUTLS-SA-2008-1-3. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1950
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2008-2377 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle. CVSS v2 BASE SCORE: 7.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2377
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2008-4989 CVE STATUS: Patched CVE SUMMARY: The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4989
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2009-1415 CVE STATUS: Patched CVE SUMMARY: lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1415
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2009-1416 CVE STATUS: Patched CVE SUMMARY: lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1416
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2009-1417 CVE STATUS: Patched CVE SUMMARY: gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-1417
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2009-2409 CVE STATUS: Patched CVE SUMMARY: The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2409
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2009-2730 CVE STATUS: Patched CVE SUMMARY: libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2730
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2009-3555 CVE STATUS: Patched CVE SUMMARY: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3555
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2009-5138 CVE STATUS: Patched CVE SUMMARY: GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5138
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2010-0731 CVE STATUS: Patched CVE SUMMARY: The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0731
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2011-4128 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4128
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2012-0390 CVE STATUS: Patched CVE SUMMARY: The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0390
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2012-1569 CVE STATUS: Patched CVE SUMMARY: The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1569
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2012-1573 CVE STATUS: Patched CVE SUMMARY: gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1573
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2012-1663 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1663
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2013-1619 CVE STATUS: Patched CVE SUMMARY: The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1619
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2013-2116 CVE STATUS: Patched CVE SUMMARY: The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2116
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2013-4466 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4466
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2013-4487 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4487
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2014-0092 CVE STATUS: Patched CVE SUMMARY: lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0092
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2014-1959 CVE STATUS: Patched CVE SUMMARY: lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-1959
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2014-3465 CVE STATUS: Patched CVE SUMMARY: The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3465
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2014-3466 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3466
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2014-3467 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3467
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2014-3468 CVE STATUS: Patched CVE SUMMARY: The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3468
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2014-3469 CVE STATUS: Patched CVE SUMMARY: The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3469
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2014-8155 CVE STATUS: Patched CVE SUMMARY: GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8155
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2014-8564 CVE STATUS: Patched CVE SUMMARY: The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8564
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2015-0282 CVE STATUS: Patched CVE SUMMARY: GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0282
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2015-0294 CVE STATUS: Patched CVE SUMMARY: GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0294
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2015-3308 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3308
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2015-6251 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6251
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2015-8313 CVE STATUS: Patched CVE SUMMARY: GnuTLS incorrectly validates the first byte of padding in CBC modes CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8313
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2016-4456 CVE STATUS: Patched CVE SUMMARY: The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4456
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2016-7444 CVE STATUS: Patched CVE SUMMARY: The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7444
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2017-5334 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5334
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2017-5335 CVE STATUS: Patched CVE SUMMARY: The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5335
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2017-5336 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5336
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2017-5337 CVE STATUS: Patched CVE SUMMARY: Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5337
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2017-7507 CVE STATUS: Patched CVE SUMMARY: GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7507
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2017-7869 CVE STATUS: Patched CVE SUMMARY: GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7869
LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2018-10844 CVE STATUS: Patched CVE SUMMARY: It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10844 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2018-10845 CVE STATUS: Patched CVE SUMMARY: It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10845 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2018-10846 CVE STATUS: Patched CVE SUMMARY: A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets. CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 5.3 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10846 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2018-16868 CVE STATUS: Patched CVE SUMMARY: A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16868 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2019-3829 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. 
A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3829 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2019-3836 CVE STATUS: Patched CVE SUMMARY: It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-3836 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2020-11501 CVE STATUS: Patched CVE SUMMARY: GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11501 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2020-13777 CVE STATUS: Patched CVE SUMMARY: GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. 
CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13777 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2020-24659 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24659 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2021-20231 CVE STATUS: Patched CVE SUMMARY: A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20231 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2021-20232 CVE STATUS: Patched CVE SUMMARY: A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20232 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2021-4209 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-4209 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2022-2509 CVE STATUS: Patched CVE SUMMARY: A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2509 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2023-0361 CVE STATUS: Patched CVE SUMMARY: A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0361 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2023-5981 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5981 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2024-0553 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability was found in GnuTLS. 
The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0553 LAYER: meta PACKAGE NAME: gnutls PACKAGE VERSION: 3.7.4 CVE: CVE-2024-0567 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0567 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.72.3 CVE: CVE-2008-4316 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4316 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.72.3 CVE: CVE-2009-3289 CVE STATUS: Patched CVE SUMMARY: The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory. 
CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3289 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.72.3 CVE: CVE-2012-0039 CVE STATUS: Patched CVE SUMMARY: GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0039 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.72.3 CVE: CVE-2018-16428 CVE STATUS: Patched CVE SUMMARY: In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16428 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.72.3 CVE: CVE-2018-16429 CVE STATUS: Patched CVE SUMMARY: GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16429 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.72.3 CVE: CVE-2019-12450 CVE STATUS: Patched CVE SUMMARY: file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12450 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.72.3 CVE: CVE-2019-13012 CVE STATUS: Patched CVE SUMMARY: The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13012 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.72.3 CVE: CVE-2019-9633 CVE STATUS: Patched CVE SUMMARY: gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9633 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.72.3 CVE: CVE-2020-35457 CVE STATUS: Patched CVE SUMMARY: GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." 
The researcher states that this pattern is undocumented CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35457 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.72.3 CVE: CVE-2020-6750 CVE STATUS: Patched CVE SUMMARY: GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-6750 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.72.3 CVE: CVE-2021-27218 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27218 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.72.3 CVE: CVE-2021-27219 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27219 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.72.3 CVE: CVE-2021-28153 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.) CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-28153 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.72.3 CVE: CVE-2021-3800 CVE STATUS: Patched CVE SUMMARY: A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3800 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.72.3 CVE: CVE-2023-29499 CVE STATUS: Patched CVE SUMMARY: A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29499 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.72.3 CVE: CVE-2023-32611 CVE STATUS: Patched CVE SUMMARY: A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32611 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.72.3 CVE: CVE-2023-32636 CVE STATUS: Patched CVE SUMMARY: A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32636 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.72.3 CVE: CVE-2023-32643 CVE STATUS: Patched CVE SUMMARY: A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32643 LAYER: meta PACKAGE NAME: glib-2.0 PACKAGE VERSION: 1_2.72.3 CVE: CVE-2023-32665 CVE STATUS: Patched CVE SUMMARY: A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-32665 LAYER: meta PACKAGE NAME: libffi PACKAGE VERSION: 3.4.4 CVE: CVE-2017-1000376 CVE STATUS: Patched CVE SUMMARY: libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000376 LAYER: meta PACKAGE NAME: libpcre2 PACKAGE VERSION: 10.40 CVE: CVE-2015-3210 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?Pc)(?Pa(?P=B)))>WGXCREDITS)/, a different vulnerability than CVE-2015-8384. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3210 LAYER: meta PACKAGE NAME: libpcre2 PACKAGE VERSION: 10.40 CVE: CVE-2015-3217 CVE STATUS: Patched CVE SUMMARY: PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3217 LAYER: meta PACKAGE NAME: libpcre2 PACKAGE VERSION: 10.40 CVE: CVE-2016-3191 CVE STATUS: Patched CVE SUMMARY: The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3191 LAYER: meta PACKAGE NAME: libpcre2 PACKAGE VERSION: 10.40 CVE: CVE-2017-7186 CVE STATUS: Patched CVE SUMMARY: libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7186 LAYER: meta PACKAGE NAME: libpcre2 PACKAGE VERSION: 10.40 CVE: CVE-2017-8399 CVE STATUS: Patched CVE SUMMARY: PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8399 LAYER: meta PACKAGE NAME: libpcre2 PACKAGE VERSION: 10.40 CVE: CVE-2017-8786 CVE STATUS: Patched CVE SUMMARY: pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8786 LAYER: meta PACKAGE NAME: libpcre2 PACKAGE VERSION: 10.40 CVE: CVE-2019-20454 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20454 LAYER: meta PACKAGE NAME: libpcre2 PACKAGE VERSION: 10.40 CVE: CVE-2022-1586 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1586 LAYER: meta PACKAGE NAME: libpcre2 PACKAGE VERSION: 10.40 CVE: CVE-2022-1587 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. 
CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-1587 LAYER: meta PACKAGE NAME: libpcre2 PACKAGE VERSION: 10.40 CVE: CVE-2022-41409 CVE STATUS: Patched CVE SUMMARY: Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41409 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-1999-1024 CVE STATUS: Patched CVE SUMMARY: ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a denial of service via a packet with a zero length header, which causes an infinite loop and core dump when tcpdump prints the packet. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-1024 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2000-0333 CVE STATUS: Patched CVE SUMMARY: tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset refers to itself, which causes tcpdump to enter an infinite loop while decompressing the packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0333 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2000-1026 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in LBNL tcpdump allow remote attackers to execute arbitrary commands. 
CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-1026 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2001-1279 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1279 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2002-0380 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an NFS packet. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0380 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2002-1350 CVE STATUS: Patched CVE SUMMARY: The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly copy data, which allows remote attackers to cause a denial of service (application crash). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1350 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2003-0093 CVE STATUS: Patched CVE SUMMARY: The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service (crash) via an invalid RADIUS packet with a header length field of 0, which causes tcpdump to generate data within an infinite loop. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0093 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2003-0108 CVE STATUS: Patched CVE SUMMARY: isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0108 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2003-0145 CVE STATUS: Patched CVE SUMMARY: Unknown vulnerability in tcpdump before 3.7.2 related to an inability to "Handle unknown RADIUS attributes properly," allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0145 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2003-0194 CVE STATUS: Patched CVE SUMMARY: tcpdump does not properly drop privileges to the pcap user when starting up. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0194 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2003-0989 CVE STATUS: Patched CVE SUMMARY: tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0989 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2003-1029 CVE STATUS: Patched CVE SUMMARY: The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-1029 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2004-0055 CVE STATUS: Patched CVE SUMMARY: The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0055 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2004-0057 CVE STATUS: Patched CVE SUMMARY: The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0057 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2004-0183 CVE STATUS: Patched CVE SUMMARY: TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0183 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2004-0184 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0184 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2005-1267 CVE STATUS: Patched CVE SUMMARY: The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1267 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2005-1278 CVE STATUS: Patched CVE SUMMARY: The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1278 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2005-1279 CVE STATUS: Patched CVE SUMMARY: tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1279 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2005-1280 CVE STATUS: Patched CVE SUMMARY: The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1280 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2007-1218 CVE STATUS: Patched CVE SUMMARY: Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-1218 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2007-3798 CVE STATUS: Patched CVE SUMMARY: Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3798 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2014-8767 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8767 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2014-8768 CVE STATUS: Patched CVE SUMMARY: Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8768 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2014-8769 CVE STATUS: Patched CVE SUMMARY: tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access. 
CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8769 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2014-9140 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PPP packet. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9140 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2015-0261 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0261 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2015-2153 CVE STATUS: Patched CVE SUMMARY: The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2153 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2015-2154 CVE STATUS: Patched CVE SUMMARY: The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2154 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2015-2155 CVE STATUS: Patched CVE SUMMARY: The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2155 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2015-3138 CVE STATUS: Patched CVE SUMMARY: print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3138 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7922 CVE STATUS: Patched CVE SUMMARY: The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7922 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7923 CVE STATUS: Patched CVE SUMMARY: The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7923 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7924 CVE STATUS: Patched CVE SUMMARY: The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7924 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7925 CVE STATUS: Patched CVE SUMMARY: The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7925 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7926 CVE STATUS: Patched CVE SUMMARY: The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7926 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7927 CVE STATUS: Patched CVE SUMMARY: The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7927 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7928 CVE STATUS: Patched CVE SUMMARY: The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7928 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7929 CVE STATUS: Patched CVE SUMMARY: The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7929 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7930 CVE STATUS: Patched CVE SUMMARY: The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7930 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7931 CVE STATUS: Patched CVE SUMMARY: The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7931 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7932 CVE STATUS: Patched CVE SUMMARY: The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7932 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7933 CVE STATUS: Patched CVE SUMMARY: The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7933 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7934 CVE STATUS: Patched CVE SUMMARY: The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7934 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7935 CVE STATUS: Patched CVE SUMMARY: The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7935 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7936 CVE STATUS: Patched CVE SUMMARY: The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7936 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7937 CVE STATUS: Patched CVE SUMMARY: The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7937 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7938 CVE STATUS: Patched CVE SUMMARY: The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7938 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7939 CVE STATUS: Patched CVE SUMMARY: The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7939 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7940 CVE STATUS: Patched CVE SUMMARY: The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7940 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7973 CVE STATUS: Patched CVE SUMMARY: The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7973 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7974 CVE STATUS: Patched CVE SUMMARY: The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7974 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7975 CVE STATUS: Patched CVE SUMMARY: The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7975 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7983 CVE STATUS: Patched CVE SUMMARY: The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7983 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7984 CVE STATUS: Patched CVE SUMMARY: The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7984 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7985 CVE STATUS: Patched CVE SUMMARY: The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7985 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7986 CVE STATUS: Patched CVE SUMMARY: The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7986 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7992 CVE STATUS: Patched CVE SUMMARY: The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7992 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-7993 CVE STATUS: Patched CVE SUMMARY: A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7993 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-8574 CVE STATUS: Patched CVE SUMMARY: The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8574 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2016-8575 CVE STATUS: Patched CVE SUMMARY: The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8575 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-11108 CVE STATUS: Patched CVE SUMMARY: tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11108 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-11541 CVE STATUS: Patched CVE SUMMARY: tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11541 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-11542 CVE STATUS: Patched CVE SUMMARY: tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11542 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-11543 CVE STATUS: Patched CVE SUMMARY: tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-11543 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12893 CVE STATUS: Patched CVE SUMMARY: The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12893 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12894 CVE STATUS: Patched CVE SUMMARY: Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12894 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12895 CVE STATUS: Patched CVE SUMMARY: The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12895 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12896 CVE STATUS: Patched CVE SUMMARY: The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12896 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12897 CVE STATUS: Patched CVE SUMMARY: The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12897 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12898 CVE STATUS: Patched CVE SUMMARY: The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12898 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12899 CVE STATUS: Patched CVE SUMMARY: The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12899 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12900 CVE STATUS: Patched CVE SUMMARY: Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12900 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12901 CVE STATUS: Patched CVE SUMMARY: The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12901 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12902 CVE STATUS: Patched CVE SUMMARY: The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12902 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12985 CVE STATUS: Patched CVE SUMMARY: The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12985 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12986 CVE STATUS: Patched CVE SUMMARY: The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12986 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12987 CVE STATUS: Patched CVE SUMMARY: The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12987 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12988 CVE STATUS: Patched CVE SUMMARY: The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12988 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12989 CVE STATUS: Patched CVE SUMMARY: The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12989 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12990 CVE STATUS: Patched CVE SUMMARY: The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12990 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12991 CVE STATUS: Patched CVE SUMMARY: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12991 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12992 CVE STATUS: Patched CVE SUMMARY: The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12992 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12993 CVE STATUS: Patched CVE SUMMARY: The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12993 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12994 CVE STATUS: Patched CVE SUMMARY: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12994 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12995 CVE STATUS: Patched CVE SUMMARY: The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12995 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12996 CVE STATUS: Patched CVE SUMMARY: The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12996 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12997 CVE STATUS: Patched CVE SUMMARY: The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12997 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12998 CVE STATUS: Patched CVE SUMMARY: The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_ip_reach(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12998 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-12999 CVE STATUS: Patched CVE SUMMARY: The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12999 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13000 CVE STATUS: Patched CVE SUMMARY: The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13000 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13001 CVE STATUS: Patched CVE SUMMARY: The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13001 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13002 CVE STATUS: Patched CVE SUMMARY: The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13002 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13003 CVE STATUS: Patched CVE SUMMARY: The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13003 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13004 CVE STATUS: Patched CVE SUMMARY: The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13004 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13005 CVE STATUS: Patched CVE SUMMARY: The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13005 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13006 CVE STATUS: Patched CVE SUMMARY: The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13006 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13007 CVE STATUS: Patched CVE SUMMARY: The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13007 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13008 CVE STATUS: Patched CVE SUMMARY: The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13008 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13009 CVE STATUS: Patched CVE SUMMARY: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13009 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13010 CVE STATUS: Patched CVE SUMMARY: The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13010 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13011 CVE STATUS: Patched CVE SUMMARY: Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13011 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13012 CVE STATUS: Patched CVE SUMMARY: The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13012 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13013 CVE STATUS: Patched CVE SUMMARY: The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13013 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13014 CVE STATUS: Patched CVE SUMMARY: The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13014 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13015 CVE STATUS: Patched CVE SUMMARY: The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13015 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13016 CVE STATUS: Patched CVE SUMMARY: The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13016 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13017 CVE STATUS: Patched CVE SUMMARY: The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13017 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13018 CVE STATUS: Patched CVE SUMMARY: The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13018 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13019 CVE STATUS: Patched CVE SUMMARY: The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13019 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13020 CVE STATUS: Patched CVE SUMMARY: The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13020 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13021 CVE STATUS: Patched CVE SUMMARY: The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13021 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13022 CVE STATUS: Patched CVE SUMMARY: The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13022 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13023 CVE STATUS: Patched CVE SUMMARY: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13023 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13024 CVE STATUS: Patched CVE SUMMARY: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13024 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13025 CVE STATUS: Patched CVE SUMMARY: The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13025 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13026 CVE STATUS: Patched CVE SUMMARY: The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13026 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13027 CVE STATUS: Patched CVE SUMMARY: The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13027 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13028 CVE STATUS: Patched CVE SUMMARY: The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13028 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13029 CVE STATUS: Patched CVE SUMMARY: The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13029 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13030 CVE STATUS: Patched CVE SUMMARY: The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13030 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13031 CVE STATUS: Patched CVE SUMMARY: The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13031 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13032 CVE STATUS: Patched CVE SUMMARY: The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13032 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13033 CVE STATUS: Patched CVE SUMMARY: The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13033 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13034 CVE STATUS: Patched CVE SUMMARY: The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13034 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13035 CVE STATUS: Patched CVE SUMMARY: The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13035 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13036 CVE STATUS: Patched CVE SUMMARY: The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13036 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13037 CVE STATUS: Patched CVE SUMMARY: The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13037 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13038 CVE STATUS: Patched CVE SUMMARY: The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13038 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13039 CVE STATUS: Patched CVE SUMMARY: The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13039 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13040 CVE STATUS: Patched CVE SUMMARY: The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13040 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13041 CVE STATUS: Patched CVE SUMMARY: The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13041 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13042 CVE STATUS: Patched CVE SUMMARY: The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13042 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13043 CVE STATUS: Patched CVE SUMMARY: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13043 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13044 CVE STATUS: Patched CVE SUMMARY: The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13044 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13045 CVE STATUS: Patched CVE SUMMARY: The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13045 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13046 CVE STATUS: Patched CVE SUMMARY: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13046 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13047 CVE STATUS: Patched CVE SUMMARY: The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13047 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13048 CVE STATUS: Patched CVE SUMMARY: The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13048 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13049 CVE STATUS: Patched CVE SUMMARY: The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13049 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13050 CVE STATUS: Patched CVE SUMMARY: The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13050 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13051 CVE STATUS: Patched CVE SUMMARY: The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13051 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13052 CVE STATUS: Patched CVE SUMMARY: The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13052 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13053 CVE STATUS: Patched CVE SUMMARY: The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13053 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13054 CVE STATUS: Patched CVE SUMMARY: The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13054 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13055 CVE STATUS: Patched CVE SUMMARY: The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13055 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13687 CVE STATUS: Patched CVE SUMMARY: The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13687 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13688 CVE STATUS: Patched CVE SUMMARY: The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13688 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13689 CVE STATUS: Patched CVE SUMMARY: The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13689 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13690 CVE STATUS: Patched CVE SUMMARY: The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13690 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-13725 CVE STATUS: Patched CVE SUMMARY: The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13725 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-16808 CVE STATUS: Patched CVE SUMMARY: tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16808 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-5202 CVE STATUS: Patched CVE SUMMARY: The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5202 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-5203 CVE STATUS: Patched CVE SUMMARY: The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print(). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5203 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-5204 CVE STATUS: Patched CVE SUMMARY: The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5204 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-5205 CVE STATUS: Patched CVE SUMMARY: The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5205 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-5341 CVE STATUS: Patched CVE SUMMARY: The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5341 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-5342 CVE STATUS: Patched CVE SUMMARY: In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5342 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-5482 CVE STATUS: Patched CVE SUMMARY: The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5482 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-5483 CVE STATUS: Patched CVE SUMMARY: The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5483 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-5484 CVE STATUS: Patched CVE SUMMARY: The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5484 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-5485 CVE STATUS: Patched CVE SUMMARY: The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5485 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2017-5486 CVE STATUS: Patched CVE SUMMARY: The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print(). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5486 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-10103 CVE STATUS: Patched CVE SUMMARY: tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10103 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-10105 CVE STATUS: Patched CVE SUMMARY: tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-10105 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14461 CVE STATUS: Patched CVE SUMMARY: The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14461 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14462 CVE STATUS: Patched CVE SUMMARY: The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14462 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14463 CVE STATUS: Patched CVE SUMMARY: The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14463 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14464 CVE STATUS: Patched CVE SUMMARY: The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14464 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14465 CVE STATUS: Patched CVE SUMMARY: The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14465 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14466 CVE STATUS: Patched CVE SUMMARY: The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14466 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14467 CVE STATUS: Patched CVE SUMMARY: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14467 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14468 CVE STATUS: Patched CVE SUMMARY: The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14468 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14469 CVE STATUS: Patched CVE SUMMARY: The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print(). 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14469 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14470 CVE STATUS: Patched CVE SUMMARY: The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14470 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14879 CVE STATUS: Patched CVE SUMMARY: The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file(). CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14879 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14880 CVE STATUS: Patched CVE SUMMARY: The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr(). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14880 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14881 CVE STATUS: Patched CVE SUMMARY: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14881 LAYER: meta-networking PACKAGE NAME: tcpdump PACKAGE VERSION: 4.99.4 CVE: CVE-2018-14882 CVE STATUS: Patched CVE SUMMARY: The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c. 
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14882

LAYER: meta-networking
PACKAGE NAME: tcpdump
PACKAGE VERSION: 4.99.4
CVE: CVE-2018-16227
CVE STATUS: Patched
CVE SUMMARY: The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16227

LAYER: meta-networking
PACKAGE NAME: tcpdump
PACKAGE VERSION: 4.99.4
CVE: CVE-2018-16228
CVE STATUS: Patched
CVE SUMMARY: The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16228

LAYER: meta-networking
PACKAGE NAME: tcpdump
PACKAGE VERSION: 4.99.4
CVE: CVE-2018-16229
CVE STATUS: Patched
CVE SUMMARY: The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16229

LAYER: meta-networking
PACKAGE NAME: tcpdump
PACKAGE VERSION: 4.99.4
CVE: CVE-2018-16230
CVE STATUS: Patched
CVE SUMMARY: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16230

LAYER: meta-networking
PACKAGE NAME: tcpdump
PACKAGE VERSION: 4.99.4
CVE: CVE-2018-16300
CVE STATUS: Patched
CVE SUMMARY: The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16300

LAYER: meta-networking
PACKAGE NAME: tcpdump
PACKAGE VERSION: 4.99.4
CVE: CVE-2018-16301
CVE STATUS: Patched
CVE SUMMARY: The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16301

LAYER: meta-networking
PACKAGE NAME: tcpdump
PACKAGE VERSION: 4.99.4
CVE: CVE-2018-16451
CVE STATUS: Patched
CVE SUMMARY: The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16451

LAYER: meta-networking
PACKAGE NAME: tcpdump
PACKAGE VERSION: 4.99.4
CVE: CVE-2018-16452
CVE STATUS: Patched
CVE SUMMARY: The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16452

LAYER: meta-networking
PACKAGE NAME: tcpdump
PACKAGE VERSION: 4.99.4
CVE: CVE-2018-19519
CVE STATUS: Patched
CVE SUMMARY: In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19519

LAYER: meta-networking
PACKAGE NAME: tcpdump
PACKAGE VERSION: 4.99.4
CVE: CVE-2019-1010220
CVE STATUS: Patched
CVE SUMMARY: tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1010220

LAYER: meta-networking
PACKAGE NAME: tcpdump
PACKAGE VERSION: 4.99.4
CVE: CVE-2019-15166
CVE STATUS: Patched
CVE SUMMARY: lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15166

LAYER: meta-networking
PACKAGE NAME: tcpdump
PACKAGE VERSION: 4.99.4
CVE: CVE-2019-15167
CVE STATUS: Patched
CVE SUMMARY: The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 9.1
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-15167

LAYER: meta-networking
PACKAGE NAME: tcpdump
PACKAGE VERSION: 4.99.4
CVE: CVE-2020-8036
CVE STATUS: Patched
CVE SUMMARY: The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way.
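Every record in this report carries the same ten labelled fields (LAYER, PACKAGE NAME, PACKAGE VERSION, CVE, CVE STATUS, CVE SUMMARY, CVSS v2 BASE SCORE, CVSS v3 BASE SCORE, VECTOR, MORE INFORMATION), which is the text layout Yocto's cve-check emits; on this page the records have additionally been run together onto long lines. The script below is an added example, not code from the report or from the Yocto project: it splits the text on those labels so that both the one-field-per-line layout and the flattened one parse, then lists the entries a reviewer should look at first, namely anything not marked Patched whose score is high. SAMPLE is constructed from three records that appear on this page; the label set and the 7.0 threshold are assumptions of the example.

```python
"""Parse and triage a Yocto cve-check text report in the layout used on this page.

Added example, not code from the original report or from Yocto. SAMPLE is
constructed from three records that appear elsewhere on this page; the first
two are run together on one line (as the page renders them), the third is in
cve-check's own one-field-per-line layout. The parser accepts both.
"""
import re
from collections import Counter

FIELDS = (
    "LAYER", "PACKAGE NAME", "PACKAGE VERSION", "CVE", "CVE STATUS",
    "CVE SUMMARY", "CVSS v2 BASE SCORE", "CVSS v3 BASE SCORE", "VECTOR",
    "MORE INFORMATION",
)
# A label counts only when it is followed by ": ", so "CVE-2018-1121" inside a
# summary (no colon) and prose like "NOTE:" (not a known label) are left alone.
_LABEL = re.compile(r"\b(" + "|".join(re.escape(f) for f in FIELDS) + r"): ")

SAMPLE = """LAYER: upstream-append PACKAGE NAME: openvpn PACKAGE VERSION: 2.6.8 CVE: CVE-2023-46850 CVE STATUS: Patched CVE SUMMARY: Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behaviour, leaking memory buffers or remote execution when sending network buffers to a remote peer. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-46850 LAYER: meta PACKAGE NAME: procps PACKAGE VERSION: 3.3.17 CVE: CVE-2018-1121 CVE STATUS: Ignored CVE SUMMARY: procps-ng and procps are vulnerable to process hiding through a race condition. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1121
LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2020-7224
CVE STATUS: Ignored
CVE SUMMARY: The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7224
"""


def parse_report(text):
    """Return one dict per record. Every record starts at a LAYER label; the
    text between two labels is the preceding label's value."""
    parts = _LABEL.split(text)  # [preamble, label, value, label, value, ...]
    records, current = [], None
    for label, value in zip(parts[1::2], parts[2::2]):
        if label == "LAYER":
            current = {}
            records.append(current)
        if current is None:
            raise ValueError("field %r before the first LAYER" % label)
        current[label] = " ".join(value.split())  # collapse newlines and runs of spaces
    for rec in records:
        for key in ("CVSS v2 BASE SCORE", "CVSS v3 BASE SCORE"):
            rec[key] = float(rec.get(key, "0.0"))
    return records


def severity(rec):
    """cve-check prints 0.0 when NVD has no score of that version: prefer v3,
    fall back to v2."""
    return rec["CVSS v3 BASE SCORE"] or rec["CVSS v2 BASE SCORE"]


def triage(records, min_score=7.0):
    """Records that are not Patched and score at or above min_score, worst
    first. "Ignored" is a maintainer decision written into the recipe, not a
    fix, so an Ignored 9.8 still belongs on the review list."""
    hits = [rec for rec in records
            if rec["CVE STATUS"] != "Patched" and severity(rec) >= min_score]
    hits.sort(key=severity, reverse=True)
    return [(rec["CVE"], rec["PACKAGE NAME"], rec["CVE STATUS"], severity(rec))
            for rec in hits]


def status_counts(records):
    """(package, status) -> count, for a quick per-package summary."""
    return Counter((rec["PACKAGE NAME"], rec["CVE STATUS"]) for rec in records)


if __name__ == "__main__":
    recs = parse_report(SAMPLE)
    for hit in triage(recs):
        print("%s %s %s %.1f" % hit)
    print(dict(status_counts(recs)))
```

To run it on the real report, replace SAMPLE with the contents of the cve-check output file; the VECTOR field is a sensible second filter (LOCAL entries on an image with no shell access rank lower than NETWORK ones).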
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8036

LAYER: meta-networking
PACKAGE NAME: tcpdump
PACKAGE VERSION: 4.99.4
CVE: CVE-2020-8037
CVE STATUS: Patched
CVE SUMMARY: The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-8037

LAYER: meta-networking
PACKAGE NAME: tcpdump
PACKAGE VERSION: 4.99.4
CVE: CVE-2023-1801
CVE STATUS: Patched
CVE SUMMARY: The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-1801

LAYER: meta
PACKAGE NAME: dosfstools
PACKAGE VERSION: 4.2
CVE: CVE-2015-8872
CVE STATUS: Patched
CVE SUMMARY: The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 6.2
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8872

LAYER: meta
PACKAGE NAME: dosfstools
PACKAGE VERSION: 4.2
CVE: CVE-2016-4804
CVE STATUS: Patched
CVE SUMMARY: The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 6.2
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4804

LAYER: meta-oe
PACKAGE NAME: librelp
PACKAGE VERSION: 1.10.0
CVE: CVE-2018-1000140
CVE STATUS: Patched
CVE SUMMARY: rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appears to be exploitable by a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000140

LAYER: meta-oe
PACKAGE NAME: augeas
PACKAGE VERSION: 1.12.0
CVE: CVE-2012-0786
CVE STATUS: Patched
CVE SUMMARY: The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file.
CVSS v2 BASE SCORE: 3.3
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0786

LAYER: meta-oe
PACKAGE NAME: augeas
PACKAGE VERSION: 1.12.0
CVE: CVE-2012-0787
CVE STATUS: Patched
CVE SUMMARY: The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile save option.
CVSS v2 BASE SCORE: 3.7
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0787

LAYER: meta-oe
PACKAGE NAME: augeas
PACKAGE VERSION: 1.12.0
CVE: CVE-2012-6607
CVE STATUS: Patched
CVE SUMMARY: The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786.
CVSS v2 BASE SCORE: 3.3
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6607

LAYER: meta-oe
PACKAGE NAME: augeas
PACKAGE VERSION: 1.12.0
CVE: CVE-2013-6412
CVE STATUS: Patched
CVE SUMMARY: The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6412

LAYER: meta-oe
PACKAGE NAME: augeas
PACKAGE VERSION: 1.12.0
CVE: CVE-2017-7555
CVE STATUS: Patched
CVE SUMMARY: Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7555

LAYER: meta
PACKAGE NAME: procps
PACKAGE VERSION: 3.3.17
CVE: CVE-2018-1121
CVE STATUS: Ignored
CVE SUMMARY: procps-ng and procps are vulnerable to process hiding through a race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15; newer versions might be affected also.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1121

LAYER: meta
PACKAGE NAME: procps
PACKAGE VERSION: 3.3.17
CVE: CVE-2023-4016
CVE STATUS: Patched
CVE SUMMARY: Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine to write almost unlimited amounts of unfiltered data into the process heap.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 3.3
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4016

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2005-2531
CVE STATUS: Patched
CVE SUMMARY: OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts.
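The CVE-2018-1121 entry above describes a hider that watches for a /proc scan with inotify and forks to a lower PID so that a single readdir() pass never lists it; the record is marked Ignored here, so on this image the check has to come from somewhere other than ps. The script below is an added example, not code from the report or from procps: it asks the kernel about every PID with kill(pid, 0), which does not go through /proc at all, and reports PIDs the kernel acknowledges but /proc did not list. Two details a naive version gets wrong are handled: kill() also answers for thread IDs, which /proc shows only under /proc/<pid>/task, and ordinary process churn between the listing and the probe would otherwise look like hiding. The listing and probe functions are parameters so the logic can be exercised with constructed data; with the defaults it inspects the running Linux system and, on a host with the default pid_max of several million, takes a few seconds.

```python
"""Cross-check /proc against the kernel's own view of which PIDs exist.

Added example, not part of the original report or of procps. Linux-specific:
relies on /proc/<pid>/task, /proc/sys/kernel/pid_max and kill(2) semantics.
"""
import os


def pid_exists(pid):
    """Signal 0 is never delivered; the error (or its absence) says whether the
    PID exists. EPERM means it exists but belongs to another user."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def proc_listing(proc="/proc"):
    """Return (pids, tids) as /proc shows them right now: numeric entries at the
    top level are thread-group leaders; /proc/<pid>/task lists every thread."""
    pids, tids = set(), set()
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        pid = int(name)
        pids.add(pid)
        try:
            tids.update(int(t) for t in os.listdir(os.path.join(proc, name, "task")))
        except OSError:  # the process exited between the two readdir() calls
            pass
    return pids, tids


def read_pid_max(path="/proc/sys/kernel/pid_max"):
    with open(path) as fh:
        return int(fh.read())


def find_hidden(listing=proc_listing, probe=pid_exists, pid_max=None):
    """PIDs the kernel acknowledges but /proc did not list, confirmed against a
    second listing and a second probe. `listing` returns (pids, tids) and
    `probe(pid)` returns True if the PID exists; the defaults inspect the live
    system, the test below passes constructed sets instead."""
    if pid_max is None:
        pid_max = read_pid_max()
    pids, tids = listing()
    known = pids | tids
    # Threads answer kill() too, so they must be excluded via tids or every
    # thread of every multi-threaded process would be reported as hidden.
    candidates = [pid for pid in range(1, pid_max) if pid not in known and probe(pid)]
    pids2, tids2 = listing()
    known2 = pids2 | tids2
    # A candidate that no longer answers just exited; one that /proc now lists
    # was merely starting up during the first pass. What remains answered the
    # kernel twice while /proc twice failed to show it. A hider that keeps
    # hopping can still win the race, so treat a hit as a lead, not proof.
    return sorted(pid for pid in candidates if probe(pid) and pid not in known2)


if __name__ == "__main__":
    hidden = find_hidden()
    print("PIDs present per kill(2) but absent from /proc:", hidden or "none")
```

Run as root to avoid the EPERM ambiguity entirely; as an unprivileged user the probe still sees other users' processes (EPERM counts as present), which is what makes this usable from an ordinary shell on the box.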
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2531

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2005-2532
CVE STATUS: Patched
CVE SUMMARY: OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2532

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2005-2533
CVE STATUS: Patched
CVE SUMMARY: OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2533

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2005-2534
CVE STATUS: Patched
CVE SUMMARY: Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate.
CVSS v2 BASE SCORE: 2.6
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2534

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2005-3393
CVE STATUS: Patched
CVE SUMMARY: Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-3393

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2005-3409
CVE STATUS: Patched
CVE SUMMARY: OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-3409

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2006-1629
CVE STATUS: Patched
CVE SUMMARY: OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.
CVSS v2 BASE SCORE: 9.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-1629

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2006-2229
CVE STATUS: Patched
CVE SUMMARY: OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2229

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2008-3459
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters.
CVSS v2 BASE SCORE: 7.6
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3459

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2013-2061
CVE STATUS: Patched
CVE SUMMARY: The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.
CVSS v2 BASE SCORE: 2.6
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2061

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2014-5455
CVE STATUS: Patched
CVE SUMMARY: Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.
CVSS v2 BASE SCORE: 6.9
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5455

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2014-8104
CVE STATUS: Patched
CVE SUMMARY: OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8104

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2016-6329
CVE STATUS: Patched
CVE SUMMARY: OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6329

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2017-12166
CVE STATUS: Patched
CVE SUMMARY: OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12166

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2017-7478
CVE STATUS: Patched
CVE SUMMARY: OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7478

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2017-7479
CVE STATUS: Patched
CVE SUMMARY: OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over, resulting in denial of service of the server by an authenticated attacker.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7479

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2017-7508
CVE STATUS: Patched
CVE SUMMARY: OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7508

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2017-7520
CVE STATUS: Patched
CVE SUMMARY: OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 7.4
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7520

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2017-7521
CVE STATUS: Patched
CVE SUMMARY: OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7521

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2017-7522
CVE STATUS: Patched
CVE SUMMARY: OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7522

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2018-7544
CVE STATUS: Patched
CVE SUMMARY: A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a "signal SIGTERM" command in a TEXTAREA element. NOTE: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation and with a runtime warning.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 9.1
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7544

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2018-9336
CVE STATUS: Patched
CVE SUMMARY: openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9336

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2020-11810
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 3.7
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11810

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2020-15078
CVE STATUS: Patched
CVE SUMMARY: OpenVPN 2.5.1 and earlier versions allows remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15078

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2020-20813
CVE STATUS: Patched
CVE SUMMARY: Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-20813

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2020-27569
CVE STATUS: Ignored
CVE SUMMARY: Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27569

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2020-7224
CVE STATUS: Ignored
CVE SUMMARY: The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7224

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2021-3547
CVE STATUS: Patched
CVE SUMMARY: OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 7.4
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3547

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2021-3606
CVE STATUS: Patched
CVE SUMMARY: OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (openvpn.exe).
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3606

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2022-0547
CVE STATUS: Patched
CVE SUMMARY: OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0547

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2023-46849
CVE STATUS: Patched
CVE SUMMARY: Using the --fragment option in certain configuration setups, OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-46849

LAYER: upstream-append
PACKAGE NAME: openvpn
PACKAGE VERSION: 2.6.8
CVE: CVE-2023-46850
CVE STATUS: Patched
CVE SUMMARY: Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behaviour, leaking memory buffers or remote execution when sending network buffers to a remote peer.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-46850

LAYER: meta-networking
PACKAGE NAME: traceroute
PACKAGE VERSION: 2.1.3
CVE: CVE-2018-21268
CVE STATUS: Patched
CVE SUMMARY: The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-21268

LAYER: meta-networking
PACKAGE NAME: traceroute
PACKAGE VERSION: 2.1.3
CVE: CVE-2023-46316
CVE STATUS: Patched
CVE SUMMARY: In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-46316

LAYER: meta-oe
PACKAGE NAME: libdbi-perl
PACKAGE VERSION: 1.643
CVE: CVE-2014-10402
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.
CVSS v2 BASE SCORE: 3.6
CVSS v3 BASE SCORE: 6.1
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-10402

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2005-0004
CVE STATUS: Patched
CVE SUMMARY: The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-0004

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2009-4484
CVE STATUS: Patched
CVE SUMMARY: Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4484

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2010-5298
CVE STATUS: Patched
CVE SUMMARY: Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-5298

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2012-0540
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0540

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2012-0572
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0572

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2012-0574
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0574

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2012-0578
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0578

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2012-1688
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1688

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2012-1689
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1689

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2012-1690
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1703.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1690

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2012-1697
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1697

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2012-1702
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1702

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2012-1703
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1690.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1703

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2012-1705
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1705

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2012-1734
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1734

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2012-1735
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1735

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2012-1756
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1756

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2012-1757
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1757

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2012-2122
CVE STATUS: Patched
CVE SUMMARY: sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
CVSS v2 BASE SCORE: 5.1
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2122

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2012-2750
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a "Security Fix", aka Bug #59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of 20120816, Oracle has not commented on this possibility.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2750

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2012-3150
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3150

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2012-3158
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3158

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2012-3160
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3160 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2012-3163 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. CVSS v2 BASE SCORE: 9.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3163 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2012-3166 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3166 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2012-3167 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3167 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2012-3173 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3173 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2012-3177 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3177 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2012-3180 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3180 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2012-3197 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3197 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2012-4414 CVE STATUS: Patched CVE SUMMARY: Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. 
NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4414 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2012-5060 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5060 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2012-5096 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5096 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2012-5611 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command. 
CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5611 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2012-5612 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5612 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2012-5613 CVE STATUS: Patched CVE SUMMARY: MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue. 
CVSS v2 BASE SCORE: 6.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5613 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2012-5614 CVE STATUS: Patched CVE SUMMARY: Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5614 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2012-5615 CVE STATUS: Patched CVE SUMMARY: Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5615 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2012-5627 CVE STATUS: Patched CVE SUMMARY: Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5627 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-0367 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0367 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-0368 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0368 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-0371 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0371 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-0375 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication. 
CVSS v2 BASE SCORE: 5.5 CVSS v3 BASE SCORE: 5.4 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0375 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-0383 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0383 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-0384 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0384 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-0385 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication. CVSS v2 BASE SCORE: 6.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0385 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-0386 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0386 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-0389 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0389 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-1502 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition. CVSS v2 BASE SCORE: 1.5 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1502 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-1506 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking. CVSS v2 BASE SCORE: 2.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1506 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-1511 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. 
CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1511 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-1512 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1512 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-1521 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1521 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-1523 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1523 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-1526 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1526 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-1531 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1531 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-1532 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1532 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-1544 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1544 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-1548 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types. 
CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1548 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-1552 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1552 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-1555 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1555 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-1861 CVE STATUS: Patched CVE SUMMARY: MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1861 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-2375 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2375 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-2376 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2376 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-2378 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2378 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-2389 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2389 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-2391 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install. CVSS v2 BASE SCORE: 3.0 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2391 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-2392 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2392 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-3783 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3783 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-3793 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3793 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-3794 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3794 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-3801 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3801 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-3802 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3802 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-3804 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3804 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-3805 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3805 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-3808 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3808 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-3809 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3809 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2013-3812 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication. 
CVSS v2 BASE SCORE: 3.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3812

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2013-3839
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-3839

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2013-5807
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.
CVSS v2 BASE SCORE: 4.9
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5807

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2013-5891
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5891

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2013-5908
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.
CVSS v2 BASE SCORE: 2.6
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-5908

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-0001
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0001

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-0195
CVE STATUS: Patched
CVE SUMMARY: The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0195

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-0198
CVE STATUS: Patched
CVE SUMMARY: The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0198

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-0221
CVE STATUS: Patched
CVE SUMMARY: The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0221

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-0224
CVE STATUS: Patched
CVE SUMMARY: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 7.4
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0224

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-0384
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0384

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-0386
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0386

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-0393
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.
CVSS v2 BASE SCORE: 3.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0393

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-0401
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0401

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-0402
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0402

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-0412
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0412

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-0420
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.
CVSS v2 BASE SCORE: 2.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0420

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-0437
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
CVSS v2 BASE SCORE: 3.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0437

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-2419
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2419

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-2430
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.
CVSS v2 BASE SCORE: 3.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2430

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-2431
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.
CVSS v2 BASE SCORE: 2.6
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2431

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-2432
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.
CVSS v2 BASE SCORE: 2.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2432

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-2436
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.
CVSS v2 BASE SCORE: 6.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2436

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-2438
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.
CVSS v2 BASE SCORE: 3.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2438

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-2440
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSS v2 BASE SCORE: 5.1
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2440

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-2494
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-2494

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-3470
CVE STATUS: Patched
CVE SUMMARY: The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3470

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-4207
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4207

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-4243
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.
CVSS v2 BASE SCORE: 2.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4243

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-4258
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.
CVSS v2 BASE SCORE: 6.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4258

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-4260
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.
CVSS v2 BASE SCORE: 5.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4260

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-4274
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.
CVSS v2 BASE SCORE: 4.1
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4274

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-4287
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4287

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-6463
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.
CVSS v2 BASE SCORE: 3.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6463

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-6464
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6464

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-6469
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6469

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-6474
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.
CVSS v2 BASE SCORE: 3.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6474

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-6478
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6478

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-6484
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6484

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-6489
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.
CVSS v2 BASE SCORE: 5.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6489

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-6491
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6491

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-6494
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6494

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-6495
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6495

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-6496
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6496

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-6500
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6500

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-6505
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6505

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-6507
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6507

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-6520
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6520

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-6530
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.
CVSS v2 BASE SCORE: 6.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6530

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-6551
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6551

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-6555
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.
CVSS v2 BASE SCORE: 6.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6555

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-6559
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6559

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-6564
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6564

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-6568
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.
CVSS v2 BASE SCORE: 3.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6568

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2014-8964
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8964

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-0374
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.
CVSS v2 BASE SCORE: 3.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0374

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-0381
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0381

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-0382
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0382

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-0391
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0391

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-0411
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0411

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-0432
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0432

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-0433
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0433

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-0441
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0441

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-0499
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.
CVSS v2 BASE SCORE: 3.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0499

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-0501
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.
CVSS v2 BASE SCORE: 5.7
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0501

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-0505
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
CVSS v2 BASE SCORE: 3.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0505

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-2325
CVE STATUS: Patched
CVE SUMMARY: The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 7.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2325

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-2326
CVE STATUS: Patched
CVE SUMMARY: The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/".
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2326

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-2568
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2568

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-2571
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2571

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-2573
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2573

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-2582
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2582

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-2620
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2620

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-2643
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2643

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-2648
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2648

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-3152
CVE STATUS: Patched
CVE SUMMARY: Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3152

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-4752
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4752

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-4757
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
CVSS v2 BASE SCORE: 3.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4757

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-4792
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.
CVSS v2 BASE SCORE: 1.7
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4792

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-4802
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4802

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-4807
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.
CVSS v2 BASE SCORE: 3.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4807

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-4815
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4815

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-4816
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4816

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-4819
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4819

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-4826
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4826

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-4830
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4830

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2015-4836
CVE STATUS: Patched
CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.
CVSS v2 BASE SCORE: 2.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4836 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2015-4858 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4858 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2015-4861 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4861 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2015-4864 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4864 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2015-4866 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4866 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2015-4870 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4870 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2015-4879 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4879 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2015-4895 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4895 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2015-4913 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858. 
CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4913 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2015-7744 CVE STATUS: Patched CVE SUMMARY: wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7744 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0502 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0502 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0505 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0505 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0546 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0546 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0596 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0596 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0597 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0597 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0598 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0598 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0600 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0600 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0606 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption. 
CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0606 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0608 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0608 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0609 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges. CVSS v2 BASE SCORE: 1.7 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0609 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0610 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0610 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0616 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0616 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0640 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 6.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0640 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0641 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 5.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0641 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0642 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 4.7 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0642 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0643 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 3.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0643 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0644 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0644 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0646 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0646 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0647 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0647 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0648 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0648 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0649 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0649 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0650 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0650 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0651 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0651 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0655 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB. 
CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 4.7 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0655 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0666 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0666 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-0668 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB. CVSS v2 BASE SCORE: 1.7 CVSS v3 BASE SCORE: 4.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0668 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-2047 CVE STATUS: Patched CVE SUMMARY: The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com." 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2047 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-3452 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3452 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-3459 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3459 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-3471 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option. CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 7.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3471 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-3477 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. 
CVSS v2 BASE SCORE: 4.1 CVSS v3 BASE SCORE: 8.1 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3477 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-3492 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3492 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-3521 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3521 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-3615 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3615 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-5440 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5440 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-5444 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5444 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-5584 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 4.4 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5584 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-5612 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5612 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-5624 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML. 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5624 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-5626 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5626 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-5629 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5629 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-5630 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5630 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-6662 CVE STATUS: Patched CVE SUMMARY: Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. 
NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6662 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-6663 CVE STATUS: Patched CVE SUMMARY: Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6663 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-6664 CVE STATUS: Patched CVE SUMMARY: mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files. 
CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6664 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-7440 CVE STATUS: Patched CVE SUMMARY: The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7440 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-8283 CVE STATUS: Patched CVE SUMMARY: Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8283 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2016-9843 CVE STATUS: Patched CVE SUMMARY: The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-9843 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2017-10268 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).
CVSS v2 BASE SCORE: 1.5
CVSS v3 BASE SCORE: 4.1
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10268

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-10286
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS v2 BASE SCORE: 3.5
CVSS v3 BASE SCORE: 4.4
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10286

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-10320
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 4.9
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10320

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-10365
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).
CVSS v2 BASE SCORE: 5.5
CVSS v3 BASE SCORE: 3.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10365

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-10378
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10378

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-10379
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10379

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-10384
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10384

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-15365
CVE STATUS: Patched
CVE SUMMARY: sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
CVSS v2 BASE SCORE: 6.5
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15365

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-15945
CVE STATUS: Patched
CVE SUMMARY: The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15945

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-16046
CVE STATUS: Patched
CVE SUMMARY: `mariadb` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16046

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-3238
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).
Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3238

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-3243
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).
CVSS v2 BASE SCORE: 3.5
CVSS v3 BASE SCORE: 4.4
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3243

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-3244
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3244

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-3257
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3257

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-3258
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3258

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-3265
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier.
Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).
CVSS v2 BASE SCORE: 4.9
CVSS v3 BASE SCORE: 5.6
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3265

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-3291
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).
CVSS v2 BASE SCORE: 3.5
CVSS v3 BASE SCORE: 6.3
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3291

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-3302
CVE STATUS: Patched
CVE SUMMARY: Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3302

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-3308
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 7.7
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3308

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-3309
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 7.7
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3309

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-3312
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).
CVSS v2 BASE SCORE: 3.5
CVSS v3 BASE SCORE: 6.7
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3312

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-3313
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).
CVSS v2 BASE SCORE: 1.5
CVSS v3 BASE SCORE: 4.7
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3313

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-3317
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging).
Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).
CVSS v2 BASE SCORE: 1.5
CVSS v3 BASE SCORE: 4.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3317

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-3318
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).
CVSS v2 BASE SCORE: 1.0
CVSS v3 BASE SCORE: 4.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3318

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-3453
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier.
Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3453

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-3456
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 4.9
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3456

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-3464
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts).
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 4.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3464

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-3600
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
CVSS v2 BASE SCORE: 6.0
CVSS v3 BASE SCORE: 6.6
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3600

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-3636
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 5.3
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3636

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-3641
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 4.9
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3641

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-3651
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 4.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3651

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2017-3653
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).
Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).
CVSS v2 BASE SCORE: 3.5
CVSS v3 BASE SCORE: 3.1
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-3653

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2018-25032
CVE STATUS: Patched
CVE SUMMARY: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-25032

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2018-2562
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 7.1
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-2562

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2018-2612
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-2612

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2018-2622
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-2622

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2018-2640
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-2640

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2018-2665
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-2665

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2018-2668
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-2668

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2018-2755
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
CVSS v2 BASE SCORE: 3.7
CVSS v3 BASE SCORE: 7.7
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-2755

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2018-2759
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 4.9
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-2759

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2018-2761
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-2761

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2018-2766
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB).
Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-2766 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-2767 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N). CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 3.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-2767 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-2771 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 4.4 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-2771 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-2777 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-2777 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-2781 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-2781 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-2782 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-2782 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-2784 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-2784 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-2786 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). CVSS v2 BASE SCORE: 5.5 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-2786 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-2787 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). CVSS v2 BASE SCORE: 5.5 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-2787 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-2810 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-2810 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-2813 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-2813 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-2817 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-2817 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-2819 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-2819 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-3058 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-3058 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-3060 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). 
Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). CVSS v2 BASE SCORE: 5.5 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-3060 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-3063 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-3063 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-3064 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). CVSS v2 BASE SCORE: 5.5 CVSS v3 BASE SCORE: 7.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-3064 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-3066 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N). CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 3.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-3066 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-3081 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H). CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 5.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-3081 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-3133 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-3133 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-3143 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-3143 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-3156 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-3156 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-3162 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-3162 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-3173 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-3173 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-3174 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H). 
CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 5.3 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-3174 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-3185 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). CVSS v2 BASE SCORE: 5.5 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-3185 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-3200 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-3200 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-3251 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-3251 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-3277 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-3277 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-3282 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). 
Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-3282 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2018-3284 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 4.4 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-3284 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2019-2455 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-2455 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2019-2481 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-2481 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2019-2503 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H). CVSS v2 BASE SCORE: 3.8 CVSS v3 BASE SCORE: 6.4 VECTOR: ADJACENT_NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-2503 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2019-2510 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-2510 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2019-2529 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-2529 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2019-2537 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-2537 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2019-2614 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). 
CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 4.4 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-2614 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2019-2627 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-2627 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2019-2628 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-2628 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2019-2737 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). 
Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-2737 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2019-2739 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). CVSS v2 BASE SCORE: 3.6 CVSS v3 BASE SCORE: 5.1 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-2739 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2019-2740 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-2740 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2019-2758 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). CVSS v2 BASE SCORE: 5.5 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-2758 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2019-2805 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-2805 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2019-2938 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 4.4 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-2938 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2019-2974 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-2974 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2020-14550 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14550 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2020-14765 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14765 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2020-14776 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). 
Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14776 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2020-14789 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14789 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2020-14812 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14812 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2020-15180 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 9.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15180 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2020-2574 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-2574 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2020-2752 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-2752 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2020-2760 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). 
CVSS v2 BASE SCORE: 5.5 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-2760 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2020-2780 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-2780 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2020-2812 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-2812 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2020-2814 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). 
Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-2814 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2020-28912 CVE STATUS: Patched CVE SUMMARY: With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between the client and the server, and getting the ability to run SQL commands on behalf of the connected user. This occurs because of an incorrect security descriptor. This affects MariaDB Server before 10.1.48, 10.2.x before 10.2.35, 10.3.x before 10.3.26, 10.4.x before 10.4.16, and 10.5.x before 10.5.7. NOTE: this issue exists because certain details of the MariaDB CVE-2019-2503 fix did not comprehensively address attack variants against MariaDB. This situation is specific to MariaDB, and thus CVE-2020-28912 does NOT apply to other vendors that were originally affected by CVE-2019-2503. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-28912 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2020-2922 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). 
Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-2922 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2020-7221 CVE STATUS: Patched CVE SUMMARY: mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7221 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2021-2007 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 3.7 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-2007 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2021-2011 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-2011 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2021-2022 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 6.3 CVSS v3 BASE SCORE: 4.4 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-2022 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2021-2032 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). 
Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-2032 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2021-2144 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). CVSS v2 BASE SCORE: 6.5 CVSS v3 BASE SCORE: 7.2 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-2144 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2021-2154 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-2154 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2021-2166 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-2166 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2021-2174 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 4.4 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-2174 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2021-2180 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). 
Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-2180 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2021-2194 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-2194 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2021-2372 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 4.4 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-2372 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2021-2389 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-2389 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2021-27928 CVE STATUS: Patched CVE SUMMARY: A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. CVSS v2 BASE SCORE: 9.0 CVSS v3 BASE SCORE: 7.2 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27928 LAYER: meta-oe PACKAGE NAME: mariadb PACKAGE VERSION: 10.7.8 CVE: CVE-2021-35604 CVE STATUS: Patched CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVSS v2 BASE SCORE: 5.5
CVSS v3 BASE SCORE: 5.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-35604

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2021-46657
CVE STATUS: Patched
CVE SUMMARY: get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46657

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2021-46658
CVE STATUS: Patched
CVE SUMMARY: save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46658

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2021-46659
CVE STATUS: Patched
CVE SUMMARY: MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46659

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2021-46661
CVE STATUS: Patched
CVE SUMMARY: MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46661

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2021-46662
CVE STATUS: Patched
CVE SUMMARY: MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46662

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2021-46663
CVE STATUS: Patched
CVE SUMMARY: MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46663

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2021-46664
CVE STATUS: Patched
CVE SUMMARY: MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46664

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2021-46665
CVE STATUS: Patched
CVE SUMMARY: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46665

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2021-46666
CVE STATUS: Patched
CVE SUMMARY: MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46666

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2021-46667
CVE STATUS: Patched
CVE SUMMARY: MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46667

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2021-46668
CVE STATUS: Patched
CVE SUMMARY: MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46668

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2021-46669
CVE STATUS: Patched
CVE SUMMARY: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-46669

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-0778
CVE STATUS: Patched
CVE SUMMARY: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0778

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-21427
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 4.9
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-21427

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-21451
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 4.4
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-21451

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-21595
CVE STATUS: Patched
CVE SUMMARY: Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 4.4
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-21595

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-24048
CVE STATUS: Patched
CVE SUMMARY: MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 7.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24048

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-24050
CVE STATUS: Patched
CVE SUMMARY: MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 7.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24050

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-24051
CVE STATUS: Patched
CVE SUMMARY: MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 7.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24051

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-24052
CVE STATUS: Patched
CVE SUMMARY: MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 7.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-24052

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27376
CVE STATUS: Patched
CVE SUMMARY: MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27376

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27377
CVE STATUS: Patched
CVE SUMMARY: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27377

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27378
CVE STATUS: Patched
CVE SUMMARY: An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27378

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27379
CVE STATUS: Patched
CVE SUMMARY: An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27379

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27380
CVE STATUS: Patched
CVE SUMMARY: An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27380

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27381
CVE STATUS: Patched
CVE SUMMARY: An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27381

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27382
CVE STATUS: Patched
CVE SUMMARY: MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27382

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27383
CVE STATUS: Patched
CVE SUMMARY: MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27383

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27384
CVE STATUS: Patched
CVE SUMMARY: An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27384

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27385
CVE STATUS: Patched
CVE SUMMARY: An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27385

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27386
CVE STATUS: Patched
CVE SUMMARY: MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27386

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27387
CVE STATUS: Patched
CVE SUMMARY: MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27387

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27444
CVE STATUS: Patched
CVE SUMMARY: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27444

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27445
CVE STATUS: Patched
CVE SUMMARY: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27445

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27446
CVE STATUS: Patched
CVE SUMMARY: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27446

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27447
CVE STATUS: Patched
CVE SUMMARY: MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27447

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27448
CVE STATUS: Patched
CVE SUMMARY: There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27448

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27449
CVE STATUS: Patched
CVE SUMMARY: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27449

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27451
CVE STATUS: Patched
CVE SUMMARY: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27451

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27452
CVE STATUS: Patched
CVE SUMMARY: MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27452

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27455
CVE STATUS: Patched
CVE SUMMARY: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27455

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27456
CVE STATUS: Patched
CVE SUMMARY: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27456

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27457
CVE STATUS: Patched
CVE SUMMARY: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27457

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-27458
CVE STATUS: Patched
CVE SUMMARY: MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27458

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-31621
CVE STATUS: Patched
CVE SUMMARY: MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-31621

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-31622
CVE STATUS: Patched
CVE SUMMARY: MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-31622

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-31623
CVE STATUS: Patched
CVE SUMMARY: MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-31623

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-31624
CVE STATUS: Patched
CVE SUMMARY: MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-31624

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-32081
CVE STATUS: Patched
CVE SUMMARY: MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32081

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-32082
CVE STATUS: Patched
CVE SUMMARY: MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32082

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-32083
CVE STATUS: Patched
CVE SUMMARY: MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32083

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-32084
CVE STATUS: Patched
CVE SUMMARY: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32084

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-32085
CVE STATUS: Patched
CVE SUMMARY: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32085

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-32086
CVE STATUS: Patched
CVE SUMMARY: MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32086

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-32087
CVE STATUS: Patched
CVE SUMMARY: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32087

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-32088
CVE STATUS: Patched
CVE SUMMARY: MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32088

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-32089
CVE STATUS: Patched
CVE SUMMARY: MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32089

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-32091
CVE STATUS: Patched
CVE SUMMARY: MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-32091

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-38791
CVE STATUS: Patched
CVE SUMMARY: In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-38791

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2022-47015
CVE STATUS: Patched
CVE SUMMARY: MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-47015

LAYER: meta-oe
PACKAGE NAME: mariadb
PACKAGE VERSION: 10.7.8
CVE: CVE-2023-5157
CVE STATUS: Patched
CVE SUMMARY: A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5157

LAYER: meta-opengear
PACKAGE NAME: python3-setuptools
PACKAGE VERSION: 67.6.1
CVE: CVE-2013-1633
CVE STATUS: Patched
CVE SUMMARY: easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1633

LAYER: meta-opengear
PACKAGE NAME: python3-setuptools
PACKAGE VERSION: 67.6.1
CVE: CVE-2022-40897
CVE STATUS: Patched
CVE SUMMARY: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40897

LAYER: meta
PACKAGE NAME: libidn2
PACKAGE VERSION: 2.3.2
CVE: CVE-2017-14061
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14061

LAYER: meta
PACKAGE NAME: libidn2
PACKAGE VERSION: 2.3.2
CVE: CVE-2017-14062
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14062

LAYER: meta
PACKAGE NAME: libidn2
PACKAGE VERSION: 2.3.2
CVE: CVE-2019-12290
CVE STATUS: Patched
CVE SUMMARY: GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-12290

LAYER: meta
PACKAGE NAME: libidn2
PACKAGE VERSION: 2.3.2
CVE: CVE-2019-18224
CVE STATUS: Patched
CVE SUMMARY: idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18224

LAYER: meta-networking
PACKAGE NAME: chrony
PACKAGE VERSION: 4.2
CVE: CVE-2010-0292
CVE STATUS: Patched
CVE SUMMARY: The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0292

LAYER: meta-networking
PACKAGE NAME: chrony
PACKAGE VERSION: 4.2
CVE: CVE-2010-0293
CVE STATUS: Patched
CVE SUMMARY: The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0293

LAYER: meta-networking
PACKAGE NAME: chrony
PACKAGE VERSION: 4.2
CVE: CVE-2010-0294
CVE STATUS: Patched
CVE SUMMARY: chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0294

LAYER: meta-networking
PACKAGE NAME: chrony
PACKAGE VERSION: 4.2
CVE: CVE-2012-4502
CVE STATUS: Patched
CVE SUMMARY: Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which triggers an out-of-bounds read or buffer overflow. NOTE: versions 1.27 and 1.28 do not require authentication to exploit.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4502

LAYER: meta-networking
PACKAGE NAME: chrony
PACKAGE VERSION: 4.2
CVE: CVE-2012-4503
CVE STATUS: Patched
CVE SUMMARY: cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command to the handle_client_accesses function when client logging is disabled, which causes uninitialized data to be included in a reply.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4503

LAYER: meta-networking
PACKAGE NAME: chrony
PACKAGE VERSION: 4.2
CVE: CVE-2014-0021
CVE STATUS: Patched
CVE SUMMARY: Chrony before 1.29.1 has traffic amplification in cmdmon protocol
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0021

LAYER: meta-networking
PACKAGE NAME: chrony
PACKAGE VERSION: 4.2
CVE: CVE-2015-1821
CVE STATUS: Patched
CVE SUMMARY: Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder.
CVSS v2 BASE SCORE: 6.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1821

LAYER: meta-networking
PACKAGE NAME: chrony
PACKAGE VERSION: 4.2
CVE: CVE-2015-1822
CVE STATUS: Patched
CVE SUMMARY: chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests.
CVSS v2 BASE SCORE: 6.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1822

LAYER: meta-networking
PACKAGE NAME: chrony
PACKAGE VERSION: 4.2
CVE: CVE-2015-1853
CVE STATUS: Patched
CVE SUMMARY: chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1853

LAYER: meta-networking
PACKAGE NAME: chrony
PACKAGE VERSION: 4.2
CVE: CVE-2016-1567
CVE STATUS: Patched
CVE SUMMARY: chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.1
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1567

LAYER: meta-networking
PACKAGE NAME: chrony
PACKAGE VERSION: 4.2
CVE: CVE-2020-14367
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.
CVSS v2 BASE SCORE: 3.6
CVSS v3 BASE SCORE: 6.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-14367

LAYER: meta
PACKAGE NAME: libxslt
PACKAGE VERSION: 1.1.35
CVE: CVE-2008-2935
CVE STATUS: Patched
CVE SUMMARY: Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2935 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.35 CVE: CVE-2011-1202 CVE STATUS: Patched CVE SUMMARY: The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1202 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.35 CVE: CVE-2011-3970 CVE STATUS: Patched CVE SUMMARY: libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-3970 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.35 CVE: CVE-2012-2870 CVE STATUS: Patched CVE SUMMARY: libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2870 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.35 CVE: CVE-2012-6139 CVE STATUS: Patched CVE SUMMARY: libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6139 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.35 CVE: CVE-2013-4520 CVE STATUS: Patched CVE SUMMARY: xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4520 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.35 CVE: CVE-2015-7995 CVE STATUS: Patched CVE SUMMARY: The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7995 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.35 CVE: CVE-2015-9019 CVE STATUS: Patched CVE SUMMARY: In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-9019 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.35 CVE: CVE-2016-1683 CVE STATUS: Patched CVE SUMMARY: numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1683 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.35 CVE: CVE-2016-1684 CVE STATUS: Patched CVE SUMMARY: numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1684 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.35 CVE: CVE-2016-4607 CVE STATUS: Patched CVE SUMMARY: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4607 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.35 CVE: CVE-2016-4608 CVE STATUS: Patched CVE SUMMARY: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4608 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.35 CVE: CVE-2016-4609 CVE STATUS: Patched CVE SUMMARY: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4609 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.35 CVE: CVE-2016-4610 CVE STATUS: Patched CVE SUMMARY: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4610 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.35 CVE: CVE-2017-5029 CVE STATUS: Patched CVE SUMMARY: The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5029 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.35 CVE: CVE-2019-11068 CVE STATUS: Patched CVE SUMMARY: libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11068 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.35 CVE: CVE-2019-13117 CVE STATUS: Patched CVE SUMMARY: In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13117 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.35 CVE: CVE-2019-13118 CVE STATUS: Patched CVE SUMMARY: In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13118 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.35 CVE: CVE-2019-18197 CVE STATUS: Patched CVE SUMMARY: In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18197 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.35 CVE: CVE-2019-5815 CVE STATUS: Patched CVE SUMMARY: Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5815 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.35 CVE: CVE-2021-30560 CVE STATUS: Patched CVE SUMMARY: Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-30560 LAYER: meta PACKAGE NAME: libxslt PACKAGE VERSION: 1.1.35 CVE: CVE-2022-29824 CVE STATUS: Ignored CVE SUMMARY: In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-29824 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2003-1564 CVE STATUS: Patched CVE SUMMARY: libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack." CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-1564 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2004-0110 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0110 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2004-0989 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0989 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2008-3281 CVE STATUS: Patched CVE SUMMARY: libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3281 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2008-3529 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. 
CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-3529 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2008-4409 CVE STATUS: Patched CVE SUMMARY: libxml2 2.7.0 and 2.7.1 do not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4409 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2009-2414 CVE STATUS: Patched CVE SUMMARY: Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2414 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2009-2416 CVE STATUS: Patched CVE SUMMARY: Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2416 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2010-4008 CVE STATUS: Patched CVE SUMMARY: libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4008 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2010-4494 CVE STATUS: Patched CVE SUMMARY: Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4494 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2011-1944 CVE STATUS: Patched CVE SUMMARY: Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions. 
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1944 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2012-0841 CVE STATUS: Patched CVE SUMMARY: libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0841 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2012-2871 CVE STATUS: Patched CVE SUMMARY: libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2871 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2012-5134 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-5134 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2013-0338 CVE STATUS: Patched CVE SUMMARY: libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0338 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2013-0339 CVE STATUS: Patched CVE SUMMARY: libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0339 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2013-1969 CVE STATUS: Patched CVE SUMMARY: Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1969 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2013-2877 CVE STATUS: Patched CVE SUMMARY: parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2877 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2014-3660 CVE STATUS: Patched CVE SUMMARY: parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3660 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2015-5312 CVE STATUS: Patched CVE SUMMARY: The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. CVSS v2 BASE SCORE: 7.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5312 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2015-6837 CVE STATUS: Patched CVE SUMMARY: The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6837 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2015-6838 CVE STATUS: Patched CVE SUMMARY: The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6838 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2015-7497 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7497 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2015-7498 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7498 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2015-7499 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7499 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2015-7500 CVE STATUS: Patched CVE SUMMARY: The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7500 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2015-7941 CVE STATUS: Patched CVE SUMMARY: libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7941 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2015-7942 CVE STATUS: Patched CVE SUMMARY: The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7942 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2015-8035 CVE STATUS: Patched CVE SUMMARY: The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. 
CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8035 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2015-8241 CVE STATUS: Patched CVE SUMMARY: The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8241 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2015-8242 CVE STATUS: Patched CVE SUMMARY: The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8242 LAYER: meta PACKAGE NAME: libxml2 PACKAGE VERSION: 2.9.14 CVE: CVE-2015-8317 CVE STATUS: Patched CVE SUMMARY: The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. 
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8317

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2015-8710
CVE STATUS: Patched
CVE SUMMARY: The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8710

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2015-8806
CVE STATUS: Patched
CVE SUMMARY: dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9047

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2017-9048
CVE STATUS: Patched
CVE SUMMARY: libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size.
This vulnerability causes programs that use libxml2, such as PHP, to crash.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9048

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2017-9049
CVE STATUS: Patched
CVE SUMMARY: libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9049

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2017-9050
CVE STATUS: Patched
CVE SUMMARY: libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9050

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2018-14404
CVE STATUS: Patched
CVE SUMMARY: A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14404

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2018-14567
CVE STATUS: Patched
CVE SUMMARY: libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-14567

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2018-9251
CVE STATUS: Patched
CVE SUMMARY: The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.
CVSS v2 BASE SCORE: 2.6
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-9251

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2019-19956
CVE STATUS: Patched
CVE SUMMARY: xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19956

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2019-20388
CVE STATUS: Patched
CVE SUMMARY: xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20388

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2020-24977
CVE STATUS: Patched
CVE SUMMARY: GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-24977

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2020-7595
CVE STATUS: Patched
CVE SUMMARY: xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-7595

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2021-3517
CVE STATUS: Patched
CVE SUMMARY: There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 8.6
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3517

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2021-3518
CVE STATUS: Patched
CVE SUMMARY: There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3518

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2021-3537
CVE STATUS: Patched
CVE SUMMARY: A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3537

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2021-3541
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3541

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2022-23308
CVE STATUS: Patched
CVE SUMMARY: valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23308

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2022-29824
CVE STATUS: Patched
CVE SUMMARY: In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-29824

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2022-40303
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40303

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2022-40304
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-40304

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2023-28484
CVE STATUS: Patched
CVE SUMMARY: In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-28484

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2023-29469
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free.
This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29469

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2023-39615
CVE STATUS: Patched
CVE SUMMARY: Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-39615

LAYER: meta
PACKAGE NAME: libxml2
PACKAGE VERSION: 2.9.14
CVE: CVE-2023-45322
CVE STATUS: Patched
CVE SUMMARY: libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-45322

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2000-0336
CVE STATUS: Patched
CVE SUMMARY: Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0336

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2000-0748
CVE STATUS: Patched
CVE SUMMARY: OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0748

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2001-0977
CVE STATUS: Patched
CVE SUMMARY: slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-0977

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2002-0045
CVE STATUS: Patched
CVE SUMMARY: slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0045

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2002-1378
CVE STATUS: Patched
CVE SUMMARY: Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allow remote attackers to execute arbitrary code via (1) long -t or -r parameters to slurpd, (2) a malicious ldapfilter.conf file that is not properly handled by getfilter functions, (3) a malicious ldaptemplates.conf that causes an overflow in libldap, (4) a certain access control list that causes an overflow in slapd, or (5) a long generated filename for logging rejected replication requests.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1378

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2002-1379
CVE STATUS: Patched
CVE SUMMARY: OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attackers to execute arbitrary code when libldap reads the .ldaprc file within applications that are running with extra privileges.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1379

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2002-1508
CVE STATUS: Patched
CVE SUMMARY: slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests.
CVSS v2 BASE SCORE: 1.2
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1508

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2003-1201
CVE STATUS: Patched
CVE SUMMARY: ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault).
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-1201

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2004-0823
CVE STATUS: Patched
CVE SUMMARY: OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0823

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2004-1880
CVE STATUS: Patched
CVE SUMMARY: Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier allows remote attackers to cause a denial of service (memory consumption).
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1880

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2005-4442
CVE STATUS: Patched
CVE SUMMARY: Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-4442

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2006-2754
CVE STATUS: Patched
CVE SUMMARY: Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-2754

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2006-4600
CVE STATUS: Patched
CVE SUMMARY: slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).
CVSS v2 BASE SCORE: 2.3
CVSS v3 BASE SCORE: 0.0
VECTOR: ADJACENT_NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-4600

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2006-5779
CVE STATUS: Patched
CVE SUMMARY: OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-5779

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2006-6493
CVE STATUS: Patched
CVE SUMMARY: Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the LDAP_AUTH_KRBV41 authentication method and long credential data.
CVSS v2 BASE SCORE: 5.1
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-6493

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2007-5707
CVE STATUS: Patched
CVE SUMMARY: OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5707

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2007-5708
CVE STATUS: Patched
CVE SUMMARY: slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers to cause a denial of service (segmentation fault) via unknown vectors that prevent the array from being null terminated.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5708

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2007-6698
CVE STATUS: Patched
CVE SUMMARY: The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote authenticated users to cause a denial of service (crash) via a potentially-successful modify operation with the NOOP control set to critical, possibly due to a double free vulnerability.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-6698

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2008-0658
CVE STATUS: Patched
CVE SUMMARY: slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-0658

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2008-2952
CVE STATUS: Patched
CVE SUMMARY: liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-2952

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2009-3767
CVE STATUS: Patched
CVE SUMMARY: libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3767

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2010-0211
CVE STATUS: Patched
CVE SUMMARY: The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0211

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2010-0212
CVE STATUS: Patched
CVE SUMMARY: OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0212

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2011-1024
CVE STATUS: Patched
CVE SUMMARY: chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1024

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2011-1025
CVE STATUS: Patched
CVE SUMMARY: bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1025

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2011-1081
CVE STATUS: Patched
CVE SUMMARY: modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1081

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2011-4079
CVE STATUS: Patched
CVE SUMMARY: Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4079

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2012-1164
CVE STATUS: Patched
CVE SUMMARY: slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.
CVSS v2 BASE SCORE: 2.6
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1164

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2012-2668
CVE STATUS: Patched
CVE SUMMARY: libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2668

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2013-4449
CVE STATUS: Patched
CVE SUMMARY: The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4449

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2014-8182
CVE STATUS: Patched
CVE SUMMARY: An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8182

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2014-9713
CVE STATUS: Patched
CVE SUMMARY: The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9713

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2015-1545
CVE STATUS: Patched
CVE SUMMARY: The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1545

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2015-1546
CVE STATUS: Patched
CVE SUMMARY: Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1546

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2015-3276
CVE STATUS: Ignored
CVE SUMMARY: The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3276

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2015-6908
CVE STATUS: Patched
CVE SUMMARY: The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6908

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2017-14159
CVE STATUS: Patched
CVE SUMMARY: slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.
CVSS v2 BASE SCORE: 1.9
CVSS v3 BASE SCORE: 4.7
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14159

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2017-17740
CVE STATUS: Patched
CVE SUMMARY: contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17740

LAYER: meta-oe
PACKAGE NAME: openldap
PACKAGE VERSION: 2.5.16
CVE: CVE-2017-9287
CVE STATUS: Patched
CVE SUMMARY: servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability.
A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-9287 LAYER: meta-oe PACKAGE NAME: openldap PACKAGE VERSION: 2.5.16 CVE: CVE-2019-13057 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.) CVSS v2 BASE SCORE: 3.5 CVSS v3 BASE SCORE: 4.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13057 LAYER: meta-oe PACKAGE NAME: openldap PACKAGE VERSION: 2.5.16 CVE: CVE-2019-13565 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-13565 LAYER: meta-oe PACKAGE NAME: openldap PACKAGE VERSION: 2.5.16 CVE: CVE-2020-12243 CVE STATUS: Patched CVE SUMMARY: In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-12243 LAYER: meta-oe PACKAGE NAME: openldap PACKAGE VERSION: 2.5.16 CVE: CVE-2020-15719 CVE STATUS: Patched CVE SUMMARY: libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.2 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15719 LAYER: meta-oe PACKAGE NAME: openldap PACKAGE VERSION: 2.5.16 CVE: CVE-2020-25692 CVE STATUS: Patched CVE SUMMARY: A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25692 LAYER: meta-oe PACKAGE NAME: openldap PACKAGE VERSION: 2.5.16 CVE: CVE-2020-25709 CVE STATUS: Patched CVE SUMMARY: A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25709 LAYER: meta-oe PACKAGE NAME: openldap PACKAGE VERSION: 2.5.16 CVE: CVE-2020-25710 CVE STATUS: Patched CVE SUMMARY: A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-25710 LAYER: meta-oe PACKAGE NAME: openldap PACKAGE VERSION: 2.5.16 CVE: CVE-2020-36221 CVE STATUS: Patched CVE SUMMARY: An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36221 LAYER: meta-oe PACKAGE NAME: openldap PACKAGE VERSION: 2.5.16 CVE: CVE-2020-36222 CVE STATUS: Patched CVE SUMMARY: A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36222 LAYER: meta-oe PACKAGE NAME: openldap PACKAGE VERSION: 2.5.16 CVE: CVE-2020-36223 CVE STATUS: Patched CVE SUMMARY: A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36223 LAYER: meta-oe PACKAGE NAME: openldap PACKAGE VERSION: 2.5.16 CVE: CVE-2020-36224 CVE STATUS: Patched CVE SUMMARY: A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36224 LAYER: meta-oe PACKAGE NAME: openldap PACKAGE VERSION: 2.5.16 CVE: CVE-2020-36225 CVE STATUS: Patched CVE SUMMARY: A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36225 LAYER: meta-oe PACKAGE NAME: openldap PACKAGE VERSION: 2.5.16 CVE: CVE-2020-36226 CVE STATUS: Patched CVE SUMMARY: A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36226 LAYER: meta-oe PACKAGE NAME: openldap PACKAGE VERSION: 2.5.16 CVE: CVE-2020-36227 CVE STATUS: Patched CVE SUMMARY: A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36227 LAYER: meta-oe PACKAGE NAME: openldap PACKAGE VERSION: 2.5.16 CVE: CVE-2020-36228 CVE STATUS: Patched CVE SUMMARY: An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36228 LAYER: meta-oe PACKAGE NAME: openldap PACKAGE VERSION: 2.5.16 CVE: CVE-2020-36229 CVE STATUS: Patched CVE SUMMARY: A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36229 LAYER: meta-oe PACKAGE NAME: openldap PACKAGE VERSION: 2.5.16 CVE: CVE-2020-36230 CVE STATUS: Patched CVE SUMMARY: A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-36230 LAYER: meta-oe PACKAGE NAME: openldap PACKAGE VERSION: 2.5.16 CVE: CVE-2021-27212 CVE STATUS: Patched CVE SUMMARY: In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27212 LAYER: meta-oe PACKAGE NAME: openldap PACKAGE VERSION: 2.5.16 CVE: CVE-2022-29155 CVE STATUS: Patched CVE SUMMARY: In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-29155 LAYER: meta-oe PACKAGE NAME: openldap PACKAGE VERSION: 2.5.16 CVE: CVE-2023-2953 CVE STATUS: Patched CVE SUMMARY: A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-2953 LAYER: meta PACKAGE NAME: inetutils PACKAGE VERSION: 2.2 CVE: CVE-2011-4862 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4862 LAYER: meta PACKAGE NAME: inetutils PACKAGE VERSION: 2.2 CVE: CVE-2021-40491 CVE STATUS: Patched CVE SUMMARY: The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-40491 LAYER: meta PACKAGE NAME: inetutils PACKAGE VERSION: 2.2 CVE: CVE-2022-39028 CVE STATUS: Patched CVE SUMMARY: telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-39028 LAYER: meta PACKAGE NAME: inetutils PACKAGE VERSION: 2.2 CVE: CVE-2023-40303 CVE STATUS: Patched CVE SUMMARY: GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-40303 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-1999-0199 CVE STATUS: Patched CVE SUMMARY: manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-1999-0199 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2000-0335 CVE STATUS: Patched CVE SUMMARY: The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0335 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2000-0824 CVE STATUS: Patched CVE SUMMARY: The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0824 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2000-0959 CVE STATUS: Patched CVE SUMMARY: glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack. 
CVSS v2 BASE SCORE: 1.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2000-0959 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2002-0684 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-0684 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2002-1146 CVE STATUS: Patched CVE SUMMARY: The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1146 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2002-1265 CVE STATUS: Patched CVE SUMMARY: The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang). 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2002-1265 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2003-0028 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0028 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2003-0859 CVE STATUS: Patched CVE SUMMARY: The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0859 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2004-0968 CVE STATUS: Patched CVE SUMMARY: The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0968 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2004-1382 CVE STATUS: Patched CVE SUMMARY: The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968. 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1382 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2004-1453 CVE STATUS: Patched CVE SUMMARY: GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-1453 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2005-3590 CVE STATUS: Patched CVE SUMMARY: The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-3590 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2006-7254 CVE STATUS: Patched CVE SUMMARY: The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-7254 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2007-3508 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. 
NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3508 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2009-4880 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4880 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2009-4881 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4881 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2009-5029 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5029 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2009-5064 CVE STATUS: Patched CVE SUMMARY: ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5064 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2009-5155 CVE STATUS: Patched CVE SUMMARY: In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-5155 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2010-0015 CVE STATUS: Patched CVE SUMMARY: nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0015 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2010-0296 CVE STATUS: Patched CVE SUMMARY: The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0296 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2010-0830 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-0830 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2010-3192 CVE STATUS: Patched CVE SUMMARY: Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3192 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2010-3847 CVE STATUS: Patched CVE SUMMARY: elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3847 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2010-3856 CVE STATUS: Patched CVE SUMMARY: ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-3856 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2010-4051 CVE STATUS: Patched CVE SUMMARY: The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow." 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4051 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2010-4052 CVE STATUS: Patched CVE SUMMARY: Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4052 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2010-4756 CVE STATUS: Unpatched CVE SUMMARY: The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4756 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2011-0536 CVE STATUS: Patched CVE SUMMARY: Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. 
NOTE: this issue exists because of an incorrect fix for CVE-2010-3847. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0536 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2011-1071 CVE STATUS: Patched CVE SUMMARY: The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1071 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2011-1089 CVE STATUS: Patched CVE SUMMARY: The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1089 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2011-1095 CVE STATUS: Patched CVE SUMMARY: locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function. 
CVSS v2 BASE SCORE: 6.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1095 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2011-1658 CVE STATUS: Patched CVE SUMMARY: ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program. CVSS v2 BASE SCORE: 3.7 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1658 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2011-1659 CVE STATUS: Patched CVE SUMMARY: Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1659 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2011-2702 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-2702 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2011-4609 CVE STATUS: Patched CVE SUMMARY: The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4609 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2011-5320 CVE STATUS: Patched CVE SUMMARY: scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 6.2 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-5320 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2012-0864 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-0864 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2012-3404 CVE STATUS: Patched CVE SUMMARY: The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.12 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (stack corruption and crash) via a format string that uses positional parameters and many format specifiers. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3404 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2012-3405 CVE STATUS: Patched CVE SUMMARY: The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (segmentation fault and crash) via a format string with a large number of format specifiers that triggers "desynchronization within the buffer size handling," a different vulnerability than CVE-2012-3404. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3405 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2012-3406 CVE STATUS: Patched CVE SUMMARY: The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3406 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2012-3480 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-3480 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2012-4412 CVE STATUS: Patched CVE SUMMARY: Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4412 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2012-4424 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-4424 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2012-6656 CVE STATUS: Patched CVE SUMMARY: iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-6656 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2013-0242 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0242 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2013-1914 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-1914 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2013-2207 CVE STATUS: Patched CVE SUMMARY: pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. CVSS v2 BASE SCORE: 2.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2207 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2013-4237 CVE STATUS: Patched CVE SUMMARY: sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4237 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2013-4332 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4332 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2013-4458 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of AF_INET6 address results. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1914. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4458 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2013-4788 CVE STATUS: Patched CVE SUMMARY: The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. 
CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4788 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2013-7423 CVE STATUS: Patched CVE SUMMARY: The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7423 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2013-7424 CVE STATUS: Patched CVE SUMMARY: The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6. CVSS v2 BASE SCORE: 5.1 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7424 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2014-0475 CVE STATUS: Patched CVE SUMMARY: Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0475 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2014-4043 CVE STATUS: Patched CVE SUMMARY: The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-4043 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2014-5119 CVE STATUS: Patched CVE SUMMARY: Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-5119 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2014-6040 CVE STATUS: Patched CVE SUMMARY: GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-6040 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2014-7817 CVE STATUS: Patched CVE SUMMARY: The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))". 
CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-7817 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2014-8121 CVE STATUS: Patched CVE SUMMARY: DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-8121 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2014-9402 CVE STATUS: Patched CVE SUMMARY: The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9402 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2014-9761 CVE STATUS: Patched CVE SUMMARY: Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9761 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2014-9984 CVE STATUS: Patched CVE SUMMARY: nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9984 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2015-0235 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-0235 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2015-1472 CVE STATUS: Patched CVE SUMMARY: The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1472 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2015-1473 CVE STATUS: Patched CVE SUMMARY: The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1473 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2015-1781 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1781 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2015-20109 CVE STATUS: Patched CVE SUMMARY: end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-20109 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2015-5180 CVE STATUS: Patched CVE SUMMARY: res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5180 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2015-5277 CVE STATUS: Patched CVE SUMMARY: The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5277 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2015-7547 CVE STATUS: Patched CVE SUMMARY: Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-7547 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2015-8776 CVE STATUS: Patched CVE SUMMARY: The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 9.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8776 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2015-8777 CVE STATUS: Patched CVE SUMMARY: The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8777 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2015-8778 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8778 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2015-8779 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8779 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2015-8982 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8982 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2015-8983 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8983 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2015-8984 CVE STATUS: Patched CVE SUMMARY: The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8984 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2015-8985 CVE STATUS: Patched CVE SUMMARY: The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8985 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2016-10228 CVE STATUS: Patched CVE SUMMARY: The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10228 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2016-10739 CVE STATUS: Patched CVE SUMMARY: In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. 
CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 5.3 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10739 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2016-1234 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1234 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2016-3075 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3075 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2016-3706 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-3706 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2016-4429 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4429 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2016-5417 CVE STATUS: Patched CVE SUMMARY: Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5417 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2016-6323 CVE STATUS: Patched CVE SUMMARY: The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6323 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2017-1000366 CVE STATUS: Patched CVE SUMMARY: glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. 
CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000366 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2017-1000408 CVE STATUS: Patched CVE SUMMARY: A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000408 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2017-1000409 CVE STATUS: Patched CVE SUMMARY: A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. CVSS v2 BASE SCORE: 6.9 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000409 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2017-12132 CVE STATUS: Patched CVE SUMMARY: The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12132 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2017-12133 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-12133 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2017-15670 CVE STATUS: Patched CVE SUMMARY: The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15670 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2017-15671 CVE STATUS: Patched CVE SUMMARY: The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15671 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2017-15804 CVE STATUS: Patched CVE SUMMARY: The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15804 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2017-16997 CVE STATUS: Patched CVE SUMMARY: elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. 
This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-16997 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2017-17426 CVE STATUS: Patched CVE SUMMARY: The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-17426 LAYER: meta PACKAGE NAME: glibc PACKAGE VERSION: 2.35 CVE: CVE-2017-18269 CVE STATUS: Patched CVE SUMMARY: An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution. 
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18269

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2017-8804
CVE STATUS: Patched
CVE SUMMARY: The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. NOTE: [Information provided from upstream and references
CVSS v2 BASE SCORE: 7.8
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-8804

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2018-1000001
CVE STATUS: Patched
CVE SUMMARY: In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000001

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2018-11236
CVE STATUS: Patched
CVE SUMMARY: stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11236

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2018-11237
CVE STATUS: Patched
CVE SUMMARY: An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-11237

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2018-19591
CVE STATUS: Patched
CVE SUMMARY: In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-19591

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2018-20796
CVE STATUS: Patched
CVE SUMMARY: In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20796

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2018-6485
CVE STATUS: Patched
CVE SUMMARY: An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6485

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2018-6551
CVE STATUS: Patched
CVE SUMMARY: The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-6551

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2019-1010022
CVE STATUS: Ignored
CVE SUMMARY: GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1010022

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2019-1010023
CVE STATUS: Ignored
CVE SUMMARY: GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1010023

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2019-1010024
CVE STATUS: Ignored
CVE SUMMARY: GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1010024

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2019-1010025
CVE STATUS: Ignored
CVE SUMMARY: GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1010025

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2019-19126
CVE STATUS: Patched
CVE SUMMARY: On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 3.3
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19126

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2019-25013
CVE STATUS: Patched
CVE SUMMARY: The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.
CVSS v2 BASE SCORE: 7.1
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-25013

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2019-6488
CVE STATUS: Patched
CVE SUMMARY: The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-6488

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2019-7309
CVE STATUS: Patched
CVE SUMMARY: In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-7309

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2019-9169
CVE STATUS: Patched
CVE SUMMARY: In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9169

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2019-9192
CVE STATUS: Patched
CVE SUMMARY: In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796.
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9192

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2020-10029
CVE STATUS: Ignored
CVE SUMMARY: The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-10029

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2020-1751
CVE STATUS: Patched
CVE SUMMARY: An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.
CVSS v2 BASE SCORE: 5.9
CVSS v3 BASE SCORE: 7.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-1751

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2020-1752
CVE STATUS: Patched
CVE SUMMARY: A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.
CVSS v2 BASE SCORE: 3.7
CVSS v3 BASE SCORE: 7.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-1752

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2020-27618
CVE STATUS: Patched
CVE SUMMARY: The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 5.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-27618

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2020-29562
CVE STATUS: Patched
CVE SUMMARY: The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 4.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29562

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2020-29573
CVE STATUS: Patched
CVE SUMMARY: sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-29573

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2020-6096
CVE STATUS: Patched
CVE SUMMARY: An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.1
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-6096

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2021-27645
CVE STATUS: Ignored
CVE SUMMARY: The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.
CVSS v2 BASE SCORE: 1.9
CVSS v3 BASE SCORE: 2.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-27645

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2021-3326
CVE STATUS: Patched
CVE SUMMARY: The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3326

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2021-33574
CVE STATUS: Patched
CVE SUMMARY: The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-33574

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2021-35942
CVE STATUS: Patched
CVE SUMMARY: The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 9.1
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-35942

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2021-38604
CVE STATUS: Patched
CVE SUMMARY: In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-38604

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2021-3998
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3998

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2021-3999
CVE STATUS: Patched
CVE SUMMARY: A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3999

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2021-43396
CVE STATUS: Patched
CVE SUMMARY: In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset.
This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-43396

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2022-23218
CVE STATUS: Patched
CVE SUMMARY: The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23218

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2022-23219
CVE STATUS: Patched
CVE SUMMARY: The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-23219

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2022-39046
CVE STATUS: Patched
CVE SUMMARY: An issue was discovered in the GNU C Library (glibc) 2.36.
When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.3
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-39046

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2023-0687
CVE STATUS: Patched
CVE SUMMARY: A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.
CVSS v2 BASE SCORE: 4.0
CVSS v3 BASE SCORE: 9.8
VECTOR: ADJACENT_NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-0687

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2023-25139
CVE STATUS: Patched
CVE SUMMARY: sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-25139

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2023-4527
CVE STATUS: Ignored
CVE SUMMARY: A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4527

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2023-4806
CVE STATUS: Ignored
CVE SUMMARY: A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4806

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2023-4813
CVE STATUS: Ignored
CVE SUMMARY: A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 5.9
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4813

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2023-4911
CVE STATUS: Ignored
CVE SUMMARY: A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-4911

LAYER: meta
PACKAGE NAME: glibc
PACKAGE VERSION: 2.35
CVE: CVE-2023-5156
CVE STATUS: Ignored
CVE SUMMARY: A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-5156

LAYER: meta
PACKAGE NAME: coreutils
PACKAGE VERSION: 9.0
CVE: CVE-2005-1039
CVE STATUS: Patched
CVE SUMMARY: Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.
CVSS v2 BASE SCORE: 3.7
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-1039

LAYER: meta
PACKAGE NAME: coreutils
PACKAGE VERSION: 9.0
CVE: CVE-2008-1946
CVE STATUS: Patched
CVE SUMMARY: The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1946

LAYER: meta
PACKAGE NAME: coreutils
PACKAGE VERSION: 9.0
CVE: CVE-2009-4135
CVE STATUS: Patched
CVE SUMMARY: The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
CVSS v2 BASE SCORE: 4.4
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4135

LAYER: meta
PACKAGE NAME: coreutils
PACKAGE VERSION: 9.0
CVE: CVE-2014-9471
CVE STATUS: Patched
CVE SUMMARY: The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9471

LAYER: meta
PACKAGE NAME: coreutils
PACKAGE VERSION: 9.0
CVE: CVE-2015-1865
CVE STATUS: Patched
CVE SUMMARY: fts.c in coreutils 8.4 allows local users to delete arbitrary files.
CVSS v2 BASE SCORE: 3.3
CVSS v3 BASE SCORE: 4.7
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-1865

LAYER: meta
PACKAGE NAME: coreutils
PACKAGE VERSION: 9.0
CVE: CVE-2015-4041
CVE STATUS: Patched
CVE SUMMARY: The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings.
CVSS v2 BASE SCORE: 4.6
CVSS v3 BASE SCORE: 7.8
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4041

LAYER: meta
PACKAGE NAME: coreutils
PACKAGE VERSION: 9.0
CVE: CVE-2015-4042
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-4042

LAYER: meta
PACKAGE NAME: coreutils
PACKAGE VERSION: 9.0
CVE: CVE-2016-2781
CVE STATUS: Ignored
CVE SUMMARY: chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
CVSS v2 BASE SCORE: 2.1
CVSS v3 BASE SCORE: 6.5
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2781

LAYER: meta
PACKAGE NAME: coreutils
PACKAGE VERSION: 9.0
CVE: CVE-2017-18018
CVE STATUS: Patched
CVE SUMMARY: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
CVSS v2 BASE SCORE: 1.9
CVSS v3 BASE SCORE: 4.7
VECTOR: LOCAL
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-18018

LAYER: meta-webserver
PACKAGE NAME: nginx
PACKAGE VERSION: 1.24.0
CVE: CVE-2009-2629
CVE STATUS: Patched
CVE SUMMARY: Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-2629

LAYER: meta-webserver
PACKAGE NAME: nginx
PACKAGE VERSION: 1.24.0
CVE: CVE-2009-3555
CVE STATUS: Patched
CVE SUMMARY: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
CVSS v2 BASE SCORE: 5.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3555

LAYER: meta-webserver
PACKAGE NAME: nginx
PACKAGE VERSION: 1.24.0
CVE: CVE-2009-3896
CVE STATUS: Patched
CVE SUMMARY: src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3896

LAYER: meta-webserver
PACKAGE NAME: nginx
PACKAGE VERSION: 1.24.0
CVE: CVE-2009-3898
CVE STATUS: Patched
CVE SUMMARY: Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a ..
(dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
CVSS v2 BASE SCORE: 4.9
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-3898

LAYER: meta-webserver
PACKAGE NAME: nginx
PACKAGE VERSION: 1.24.0
CVE: CVE-2009-4487
CVE STATUS: Patched
CVE SUMMARY: nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2009-4487

LAYER: meta-webserver
PACKAGE NAME: nginx
PACKAGE VERSION: 1.24.0
CVE: CVE-2010-2263
CVE STATUS: Patched
CVE SUMMARY: nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2263

LAYER: meta-webserver
PACKAGE NAME: nginx
PACKAGE VERSION: 1.24.0
CVE: CVE-2010-2266
CVE STATUS: Patched
CVE SUMMARY: nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-2266 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2010-4180 CVE STATUS: Patched CVE SUMMARY: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4180 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2011-4315 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4315 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2011-4963 CVE STATUS: Patched CVE SUMMARY: nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4963 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2011-4968 CVE STATUS: Patched CVE SUMMARY: nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 4.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-4968 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2012-1180 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-1180 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2012-2089 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2012-2089 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2013-0337 CVE STATUS: Patched CVE SUMMARY: The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0337 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2013-2028 CVE STATUS: Patched CVE SUMMARY: The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2028 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2013-2070 CVE STATUS: Patched CVE SUMMARY: http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-2070 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2013-4547 CVE STATUS: Patched CVE SUMMARY: nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-4547 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2014-0088 CVE STATUS: Patched CVE SUMMARY: The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0088 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2014-0133 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-0133 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2014-3556 CVE STATUS: Patched CVE SUMMARY: The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3556 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2014-3616 CVE STATUS: Patched CVE SUMMARY: nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cache or ssl_session_ticket_key for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-3616 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2016-0742 CVE STATUS: Patched CVE SUMMARY: The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0742 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2016-0746 CVE STATUS: Patched CVE SUMMARY: Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0746 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2016-0747 CVE STATUS: Patched CVE SUMMARY: The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. 
CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-0747 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2016-1247 CVE STATUS: Patched CVE SUMMARY: The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1247 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2016-4450 CVE STATUS: Patched CVE SUMMARY: os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4450 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2017-20005 CVE STATUS: Patched CVE SUMMARY: NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-20005 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2017-7529 CVE STATUS: Patched CVE SUMMARY: Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7529 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2018-16843 CVE STATUS: Patched CVE SUMMARY: nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16843 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2018-16844 CVE STATUS: Patched CVE SUMMARY: nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. 
CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16844 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2018-16845 CVE STATUS: Patched CVE SUMMARY: nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 8.2 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-16845 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2019-20372 CVE STATUS: Patched CVE SUMMARY: NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20372 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2019-9511 CVE STATUS: Patched CVE SUMMARY: Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. 
Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9511 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2019-9513 CVE STATUS: Patched CVE SUMMARY: Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. CVSS v2 BASE SCORE: 7.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9513 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2019-9516 CVE STATUS: Patched CVE SUMMARY: Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9516 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2021-23017 CVE STATUS: Patched CVE SUMMARY: A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. 
CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.7 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-23017 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2021-3618 CVE STATUS: Patched CVE SUMMARY: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 7.4 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3618 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2022-41741 CVE STATUS: Patched CVE SUMMARY: NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. 
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41741 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2022-41742 CVE STATUS: Patched CVE SUMMARY: NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.1 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41742 LAYER: meta-webserver PACKAGE NAME: nginx PACKAGE VERSION: 1.24.0 CVE: CVE-2023-44487 CVE STATUS: Unpatched CVE SUMMARY: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-44487 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2007-3641 CVE STATUS: Patched CVE SUMMARY: archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow. 
CVSS v2 BASE SCORE: 9.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3641 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2007-3644 CVE STATUS: Patched CVE SUMMARY: archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3644 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2007-3645 CVE STATUS: Patched CVE SUMMARY: archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-3645 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2010-4666 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2010-4666 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2011-1777 CVE STATUS: Patched CVE SUMMARY: Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1777 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2011-1778 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1778 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2011-1779 CVE STATUS: Patched CVE SUMMARY: Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted (1) TAR archive or (2) ISO9660 image. 
CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1779 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2013-0211 CVE STATUS: Patched CVE SUMMARY: Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0211 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2015-2304 CVE STATUS: Patched CVE SUMMARY: Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive. CVSS v2 BASE SCORE: 6.4 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-2304 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2015-8915 CVE STATUS: Patched CVE SUMMARY: bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8915 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2015-8916 CVE STATUS: Patched CVE SUMMARY: bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8916 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2015-8917 CVE STATUS: Patched CVE SUMMARY: bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8917 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2015-8918 CVE STATUS: Patched CVE SUMMARY: The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy." CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8918 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2015-8919 CVE STATUS: Patched CVE SUMMARY: The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8919 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2015-8920 CVE STATUS: Patched CVE SUMMARY: The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8920 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2015-8921 CVE STATUS: Patched CVE SUMMARY: The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8921 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2015-8922 CVE STATUS: Patched CVE SUMMARY: The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8922 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2015-8923 CVE STATUS: Patched CVE SUMMARY: The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8923 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2015-8924 CVE STATUS: Patched CVE SUMMARY: The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8924 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2015-8925 CVE STATUS: Patched CVE SUMMARY: The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8925 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2015-8926 CVE STATUS: Patched CVE SUMMARY: The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8926 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2015-8927 CVE STATUS: Patched CVE SUMMARY: The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8927 LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2015-8928 CVE STATUS: Patched CVE SUMMARY: The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. 
CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8928
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2015-8929 CVE STATUS: Patched CVE SUMMARY: Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8929
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2015-8930 CVE STATUS: Patched CVE SUMMARY: bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8930
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2015-8931 CVE STATUS: Patched CVE SUMMARY: Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8931
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2015-8932 CVE STATUS: Patched CVE SUMMARY: The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8932
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2015-8933 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8933
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2015-8934 CVE STATUS: Patched CVE SUMMARY: The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-8934
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2016-10209 CVE STATUS: Patched CVE SUMMARY: The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10209
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2016-10349 CVE STATUS: Patched CVE SUMMARY: The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10349
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2016-10350 CVE STATUS: Patched CVE SUMMARY: The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10350
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2016-1541 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-1541
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2016-4300 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4300
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2016-4301 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4301
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2016-4302 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 7.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4302
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2016-4809 CVE STATUS: Patched CVE SUMMARY: The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-4809
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2016-5418 CVE STATUS: Patched CVE SUMMARY: The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5418
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2016-5844 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5844
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2016-6250 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 8.6 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6250
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2016-7166 CVE STATUS: Patched CVE SUMMARY: libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-7166
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2016-8687 CVE STATUS: Patched CVE SUMMARY: Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8687
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2016-8688 CVE STATUS: Patched CVE SUMMARY: The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8688
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2016-8689 CVE STATUS: Patched CVE SUMMARY: The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-8689
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2017-14166 CVE STATUS: Patched CVE SUMMARY: libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14166
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2017-14501 CVE STATUS: Patched CVE SUMMARY: An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14501
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2017-14502 CVE STATUS: Patched CVE SUMMARY: read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14502
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2017-14503 CVE STATUS: Patched CVE SUMMARY: libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-14503
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2017-5601 CVE STATUS: Patched CVE SUMMARY: An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-5601
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2018-1000877 CVE STATUS: Patched CVE SUMMARY: libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appears to be exploitable via the victim opening a specially crafted RAR archive. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000877
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2018-1000878 CVE STATUS: Patched CVE SUMMARY: libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appears to be exploitable via the victim opening a specially crafted RAR archive. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000878
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2018-1000879 CVE STATUS: Patched CVE SUMMARY: libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appears to be exploitable via the victim opening a specially crafted archive file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000879
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2018-1000880 CVE STATUS: Patched CVE SUMMARY: libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from a tiny file. This attack appears to be exploitable via the victim opening a specially crafted WARC file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-1000880
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2019-1000019 CVE STATUS: Patched CVE SUMMARY: libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1000019
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2019-1000020 CVE STATUS: Patched CVE SUMMARY: libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-1000020
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2019-11463 CVE STATUS: Patched CVE SUMMARY: A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-11463
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2019-18408 CVE STATUS: Patched CVE SUMMARY: archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-18408
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2019-19221 CVE STATUS: Patched CVE SUMMARY: In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19221
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2020-21674 CVE STATUS: Patched CVE SUMMARY: Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting in a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-21674
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2020-9308 CVE STATUS: Patched CVE SUMMARY: archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-9308
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2021-23177 CVE STATUS: Patched CVE SUMMARY: An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-23177
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2021-31566 CVE STATUS: Patched CVE SUMMARY: An improper link resolution flaw can occur while extracting an archive, leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-31566
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2021-36976 CVE STATUS: Patched CVE SUMMARY: libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block). CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-36976
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2022-26280 CVE STATUS: Patched CVE SUMMARY: Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. CVSS v2 BASE SCORE: 5.8 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-26280
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2022-36227 CVE STATUS: Patched CVE SUMMARY: In libarchive before 3.6.2, the software does not check for an error after calling the calloc function, which can return a NULL pointer if it fails, leading to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution." CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-36227
LAYER: meta PACKAGE NAME: libarchive PACKAGE VERSION: 3.6.2 CVE: CVE-2023-30571 CVE STATUS: Ignored CVE SUMMARY: Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-30571
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2008-6589 CVE STATUS: Patched CVE SUMMARY: Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-6589
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2008-6590 CVE STATUS: Patched CVE SUMMARY: Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to (1) index.php and (2) LightNEasy.php. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-6590
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2008-6592 CVE STATUS: Patched CVE SUMMARY: thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte). CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-6592
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2008-6593 CVE STATUS: Patched CVE SUMMARY: SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-6593
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2013-7443 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-7443
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2015-3414 CVE STATUS: Patched CVE SUMMARY: SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3414
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2015-3415 CVE STATUS: Patched CVE SUMMARY: The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3415
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2015-3416 CVE STATUS: Patched CVE SUMMARY: The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3416
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2015-3717 CVE STATUS: Ignored CVE SUMMARY: Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-3717
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2015-5895 CVE STATUS: Patched CVE SUMMARY: Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors. CVSS v2 BASE SCORE: 10.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5895
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2015-6607 CVE STATUS: Patched CVE SUMMARY: SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-6607
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2016-6153 CVE STATUS: Patched CVE SUMMARY: os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 5.9 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-6153
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2017-10989 CVE STATUS: Patched CVE SUMMARY: The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-10989
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2017-13685 CVE STATUS: Patched CVE SUMMARY: The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-13685
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2017-15286 CVE STATUS: Patched CVE SUMMARY: SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-15286
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2018-20346 CVE STATUS: Patched CVE SUMMARY: SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20346
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2018-20505 CVE STATUS: Patched CVE SUMMARY: SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20505
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2018-20506 CVE STATUS: Patched CVE SUMMARY: SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-20506
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2018-8740 CVE STATUS: Patched CVE SUMMARY: In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-8740
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2019-16168 CVE STATUS: Patched CVE SUMMARY: In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-16168
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2019-19242 CVE STATUS: Ignored CVE SUMMARY: SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c. CVSS v2 BASE SCORE: 4.3 CVSS v3 BASE SCORE: 5.9 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19242
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2019-19244 CVE STATUS: Patched CVE SUMMARY: sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19244
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2019-19317 CVE STATUS: Patched CVE SUMMARY: lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19317
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2019-19603 CVE STATUS: Patched CVE SUMMARY: SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19603
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2019-19645 CVE STATUS: Patched CVE SUMMARY: alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19645
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2019-19646 CVE STATUS: Patched CVE SUMMARY: pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19646
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2019-19880 CVE STATUS: Patched CVE SUMMARY: exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19880
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2019-19923 CVE STATUS: Patched CVE SUMMARY: flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19923
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2019-19924 CVE STATUS: Patched CVE SUMMARY: SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19924
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2019-19925 CVE STATUS: Patched CVE SUMMARY: zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19925
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2019-19926 CVE STATUS: Patched CVE SUMMARY: multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19926
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2019-19959 CVE STATUS: Patched CVE SUMMARY: ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-19959
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2019-20218 CVE STATUS: Patched CVE SUMMARY: selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-20218
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2019-5018 CVE STATUS: Patched CVE SUMMARY: An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability. CVSS v2 BASE SCORE: 6.8 CVSS v3 BASE SCORE: 8.1 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-5018
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2019-8457 CVE STATUS: Patched CVE SUMMARY: SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-8457
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2019-9936 CVE STATUS: Patched CVE SUMMARY: In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9936
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2019-9937 CVE STATUS: Patched CVE SUMMARY: In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2019-9937
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2020-11655 CVE STATUS: Patched CVE SUMMARY: SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11655
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2020-11656 CVE STATUS: Patched CVE SUMMARY: In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-11656
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2020-13434 CVE STATUS: Patched CVE SUMMARY: SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13434
LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2020-13435 CVE STATUS: Patched CVE SUMMARY: SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13435 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2020-13630 CVE STATUS: Patched CVE SUMMARY: ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. CVSS v2 BASE SCORE: 4.4 CVSS v3 BASE SCORE: 7.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13630 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2020-13631 CVE STATUS: Patched CVE SUMMARY: SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13631 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2020-13632 CVE STATUS: Patched CVE SUMMARY: ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13632 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2020-13871 CVE STATUS: Patched CVE SUMMARY: SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-13871 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2020-15358 CVE STATUS: Patched CVE SUMMARY: In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-15358 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2020-35525 CVE STATUS: Patched CVE SUMMARY: In SQLite 3.31.1, a potential null pointer dereference was found in the INTERSECT query processing. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35525 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2020-35527 CVE STATUS: Patched CVE SUMMARY: In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-35527 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2020-9327 CVE STATUS: Patched CVE SUMMARY: In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-9327 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2021-20227 CVE STATUS: Patched CVE SUMMARY: A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-20227 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2021-31239 CVE STATUS: Patched CVE SUMMARY: An issue was found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-31239 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2021-36690 CVE STATUS: Ignored CVE SUMMARY: A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-36690 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2021-45346 CVE STATUS: Patched CVE SUMMARY: A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File); it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that if you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.
CVSS v2 BASE SCORE: 4.0 CVSS v3 BASE SCORE: 4.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-45346 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2022-35737 CVE STATUS: Patched CVE SUMMARY: SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-35737 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2022-46908 CVE STATUS: Patched CVE SUMMARY: SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-46908 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2023-7104 CVE STATUS: Unpatched CVE SUMMARY: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. CVSS v2 BASE SCORE: 5.2 CVSS v3 BASE SCORE: 7.3 VECTOR: ADJACENT_NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-7104 LAYER: meta PACKAGE NAME: sqlite3 PACKAGE VERSION: 3_3.38.5 CVE: CVE-2024-0232 CVE STATUS: Unpatched CVE SUMMARY: A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. 
This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-0232 LAYER: meta PACKAGE NAME: kbd PACKAGE VERSION: 2.4.0 CVE: CVE-2011-0460 CVE STATUS: Patched CVE SUMMARY: The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map. CVSS v2 BASE SCORE: 6.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-0460 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2001-1147 CVE STATUS: Patched CVE SUMMARY: The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1147 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2001-1175 CVE STATUS: Patched CVE SUMMARY: vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1175 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2001-1494 CVE STATUS: Patched CVE SUMMARY: script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command. 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1494 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2003-0094 CVE STATUS: Patched CVE SUMMARY: A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2003-0094 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2004-0080 CVE STATUS: Patched CVE SUMMARY: The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-0080 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2005-2876 CVE STATUS: Patched CVE SUMMARY: umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2005-2876 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2006-7108 CVE STATUS: Patched CVE SUMMARY: login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok. 
CVSS v2 BASE SCORE: 4.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2006-7108 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2007-5191 CVE STATUS: Patched CVE SUMMARY: mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2007-5191 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2008-1926 CVE STATUS: Patched CVE SUMMARY: Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection." CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-1926 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2011-1675 CVE STATUS: Patched CVE SUMMARY: mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1675 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2011-1676 CVE STATUS: Patched CVE SUMMARY: mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations. 
CVSS v2 BASE SCORE: 3.3 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1676 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2011-1677 CVE STATUS: Patched CVE SUMMARY: mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. CVSS v2 BASE SCORE: 4.6 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2011-1677 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2013-0157 CVE STATUS: Patched CVE SUMMARY: (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists. CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-0157 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2014-9114 CVE STATUS: Patched CVE SUMMARY: Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9114 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2015-5218 CVE STATUS: Patched CVE SUMMARY: Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable. 
CVSS v2 BASE SCORE: 2.1 CVSS v3 BASE SCORE: 0.0 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5218 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2015-5224 CVE STATUS: Patched CVE SUMMARY: The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5224 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2016-2779 CVE STATUS: Patched CVE SUMMARY: runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-2779 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2016-5011 CVE STATUS: Patched CVE SUMMARY: The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. CVSS v2 BASE SCORE: 4.9 CVSS v3 BASE SCORE: 4.6 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-5011 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2017-2616 CVE STATUS: Patched CVE SUMMARY: A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. 
CVSS v2 BASE SCORE: 4.7 CVSS v3 BASE SCORE: 4.7 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-2616 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2018-7738 CVE STATUS: Patched CVE SUMMARY: In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion. CVSS v2 BASE SCORE: 7.2 CVSS v3 BASE SCORE: 7.8 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2018-7738 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2020-21583 CVE STATUS: Patched CVE SUMMARY: An issue was discovered in hwclock.13-v2.27 that allows attackers to gain escalated privileges or execute arbitrary commands via the path parameter when setting the date. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.7 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-21583 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2021-37600 CVE STATUS: Patched CVE SUMMARY: An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments. CVSS v2 BASE SCORE: 1.2 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-37600 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2021-3995 CVE STATUS: Patched CVE SUMMARY: A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem.
This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3995 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2021-3996 CVE STATUS: Patched CVE SUMMARY: A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2021-3996 LAYER: meta PACKAGE NAME: util-linux PACKAGE VERSION: 2.37.4 CVE: CVE-2022-0563 CVE STATUS: Patched CVE SUMMARY: A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. 
CVSS v2 BASE SCORE: 1.9 CVSS v3 BASE SCORE: 5.5 VECTOR: LOCAL MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-0563 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2022-27664 CVE STATUS: Patched CVE SUMMARY: In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-27664 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2022-2879 CVE STATUS: Patched CVE SUMMARY: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2879 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2022-2880 CVE STATUS: Patched CVE SUMMARY: Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy.Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-2880 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2022-41715 CVE STATUS: Patched CVE SUMMARY: Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41715 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2022-41717 CVE STATUS: Patched CVE SUMMARY: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41717 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2022-41720 CVE STATUS: Patched CVE SUMMARY: On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. 
In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS("") has changed. Previously, an empty root was treated equivalently to "/", so os.DirFS("").Open("tmp") would open the path "/tmp". This now returns an error. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41720 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2022-41722 CVE STATUS: Patched CVE SUMMARY: A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b". CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41722 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2022-41723 CVE STATUS: Patched CVE SUMMARY: A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41723 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2022-41724 CVE STATUS: Patched CVE SUMMARY: Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. 
This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert). CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41724 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2022-41725 CVE STATUS: Patched CVE SUMMARY: A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. 
The mime/multipart.File interface type's documentation states, "If stored on disk, the File's underlying concrete type will be an *os.File.". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-41725 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2023-24534 CVE STATUS: Patched CVE SUMMARY: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24534 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2023-24536 CVE STATUS: Patched CVE SUMMARY: Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. 
ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause a program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24536 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2023-24537 CVE STATUS: Patched CVE SUMMARY: Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.
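A handler that applies the mitigation the CVE-2022-41725 and CVE-2023-24536 entries above point at: bound the request body with http.MaxBytesReader before calling ParseMultipartForm, so that both the in-memory share of the form and the temporary-file spill are capped. This is an added example, not code from the Go project or from this report; the 1 MiB body cap, the 256 KiB memory budget, the /upload route and the form field names are assumptions chosen for the demonstration, and the sample multipart body is constructed inside the block.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"mime/multipart"
	"net/http"
	"net/http/httptest"
)

// Example limits chosen for this demonstration; they are not values from the
// advisory. Tune them to the largest upload the endpoint legitimately needs.
const (
	maxBodyBytes   = 1 << 20   // hard cap on the whole multipart body, disk spill included
	maxMemoryBytes = 256 << 10 // share of the form kept in RAM; larger file parts go to temp files
)

// uploadHandler parses a multipart upload under two independent limits.
// ParseMultipartForm's maxMemory bounds RAM only; it says nothing about how
// much disk the spilled file parts may consume, which is the gap
// CVE-2022-41725 describes. MaxBytesReader closes that gap by capping the
// number of body bytes the parser can ever see.
func uploadHandler(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)
	if err := r.ParseMultipartForm(maxMemoryBytes); err != nil {
		var tooLarge *http.MaxBytesError
		if errors.As(err, &tooLarge) {
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}
		http.Error(w, "malformed multipart form", http.StatusBadRequest)
		return
	}
	// Temp files created for spilled parts are not removed automatically.
	defer r.MultipartForm.RemoveAll()

	f, hdr, err := r.FormFile("upload")
	if err != nil {
		http.Error(w, "missing upload part", http.StatusBadRequest)
		return
	}
	defer f.Close()
	n, err := io.Copy(io.Discard, f) // stand-in for real processing of the file
	if err != nil {
		http.Error(w, "read failed", http.StatusInternalServerError)
		return
	}
	fmt.Fprintf(w, "received %s (%d bytes)\n", hdr.Filename, n)
}

// buildForm constructs a sample multipart body with one text field and one
// file part of fileBytes bytes. It is synthetic input for the demonstration.
func buildForm(fileBytes int) (body []byte, contentType string) {
	var buf bytes.Buffer
	mw := multipart.NewWriter(&buf)
	_ = mw.WriteField("note", "constructed sample input")
	fw, _ := mw.CreateFormFile("upload", "blob.bin")
	_, _ = fw.Write(bytes.Repeat([]byte{'A'}, fileBytes))
	_ = mw.Close()
	return buf.Bytes(), mw.FormDataContentType()
}

// postUpload drives uploadHandler in-process (no listener needed) and returns
// the HTTP status code the handler produced.
func postUpload(fileBytes int) int {
	body, ctype := buildForm(fileBytes)
	req := httptest.NewRequest(http.MethodPost, "/upload", bytes.NewReader(body))
	req.Header.Set("Content-Type", ctype)
	rec := httptest.NewRecorder()
	uploadHandler(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("512 KiB upload ->", postUpload(512<<10)) // spills to disk, still within the body cap
	fmt.Println("2 MiB upload   ->", postUpload(2<<20))   // exceeds the body cap, rejected
}
```

Running main sends a 512 KiB upload, which is accepted (the file part exceeds the memory budget and spills to a temp file that RemoveAll deletes), and a 2 MiB upload, which is rejected with 413 before the parser can keep consuming disk. The GODEBUG knobs the advisory describes (multipartmaxparts, multipartmaxheaders) apply on top of this on a fixed toolchain; the body cap is the control that works on any Go version and is the one to set per endpoint.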
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24537 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2023-24538 CVE STATUS: Patched CVE SUMMARY: Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. "var a = `{{.}}`"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24538 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2023-24539 CVE STATUS: Patched CVE SUMMARY: Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24539 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2023-24540 CVE STATUS: Patched CVE SUMMARY: Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-24540 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2023-29400 CVE STATUS: Patched CVE SUMMARY: Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 7.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29400 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2023-29402 CVE STATUS: Patched CVE SUMMARY: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected). 
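An added example, against the backdrop of the CVE-2023-24538, CVE-2023-24540 and CVE-2023-29400 entries above, showing the two template forms html/template can escape reliably: a bare action in a JavaScript expression context, and an action inside a quoted HTML attribute rather than an unquoted one. This is not code from the Go project or from this report; the template strings and the attacker-controlled values fed to them are constructed for the demonstration. The last function executes the template-literal form the advisory disallows and returns what the running toolchain does with it; on the fixed toolchains the advisory describes it is rejected, but since that handling has varied across Go releases the function reports the result instead of assuming one.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
)

// render parses src with html/template and executes it with data, returning
// the escaped output. Parse and Execute errors are returned unchanged so the
// caller can see when the escaper refuses a construct it cannot make safe.
func render(src string, data interface{}) (string, error) {
	t, err := template.New("t").Parse(src)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, data); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// renderScriptValue hands a Go value to JavaScript the supported way: a bare
// action in a JS expression context. The escaper JSON-encodes the value and
// rewrites <, >, & and the U+2028/U+2029 line terminators as \uXXXX escapes,
// so the value cannot close the <script> element or break out of the string.
func renderScriptValue(userValue string) (string, error) {
	return render(`<script>var name = {{.}};</script>`, userValue)
}

// renderQuotedAttr uses attr="{{.}}" rather than attr={{.}}. Keeping the quotes
// is the practical lesson of CVE-2023-29400: an empty value yields title=""
// instead of a dangling attr= that HTML normalization can merge with what
// follows, and embedded quotes are escaped so no second attribute can start.
func renderQuotedAttr(userValue string) (string, error) {
	return render(`<div title="{{.}}">x</div>`, userValue)
}

// literalActionOutcome executes the construct CVE-2023-24538 disallows, a Go
// action inside a JS template literal, and reports what this toolchain does
// with it: "rejected" when the escaper returns an error, otherwise the output.
func literalActionOutcome() string {
	out, err := render("<script>var s = `hi {{.}}`;</script>", "x")
	if err != nil {
		return "rejected"
	}
	return out
}

func main() {
	// Constructed attacker-controlled inputs.
	out, _ := renderScriptValue(`</script><script>alert(1)</script>`)
	fmt.Println(out)
	out, _ = renderQuotedAttr(`" onmouseover="alert(1)`)
	fmt.Println(out)
	out, _ = renderQuotedAttr("")
	fmt.Println(out)
	fmt.Println(literalActionOutcome())
}
```

The JS case prints the closing tag inside the string as \u003c/script\u003e, so the only literal </script> in the output is the template's own; the attribute case prints &#34; where the payload tried to end the title attribute and start onmouseover. Auditing templates for unquoted attributes (attr={{.}}) and for actions inside backtick literals is a cheap grep that catches both classes regardless of toolchain version.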
CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29402 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2023-29404 CVE STATUS: Patched CVE SUMMARY: The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29404 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2023-29405 CVE STATUS: Patched CVE SUMMARY: The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29405 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2023-29406 CVE STATUS: Patched CVE SUMMARY: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests.
With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29406 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2023-29409 CVE STATUS: Patched CVE SUMMARY: Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 5.3 VECTOR: NETWORK MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-29409 LAYER: meta PACKAGE NAME: go-runtime PACKAGE VERSION: 1.17.13 CVE: CVE-2023-39318 CVE STATUS: Patched CVE SUMMARY: The html/template package does not properly handle HTML-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in
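An added example for the CVE-2023-29406 entry above: a client that validates an attacker-influenced virtual-host name before placing it in Request.Host, so that CR or LF bytes can never reach the request line or header block even on a toolchain that predates the fix. This is not code from the Go project or from this report; validHost, requestWithHost, the character policy they implement and the constructed injection string are assumptions for the demonstration.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// validHost reports whether h looks like a legitimate HTTP/1 Host value:
// a hostname or bracketed IP literal, optionally followed by a port, built
// only from the characters RFC 3986 permits in those positions. CR, LF,
// spaces and any other byte are rejected outright, since a Host containing
// them is how CVE-2023-29406 lets a caller append header lines, or a whole
// second request, to what the client writes on the wire.
// The length cap and the exact character set are this example's policy.
func validHost(h string) bool {
	if h == "" || len(h) > 255 {
		return false
	}
	for i := 0; i < len(h); i++ {
		c := h[i]
		switch {
		case 'a' <= c && c <= 'z', 'A' <= c && c <= 'Z', '0' <= c && c <= '9':
		case c == '.', c == '-', c == ':', c == '[', c == ']':
		default:
			return false
		}
	}
	return true
}

// requestWithHost sends a request to a local test server using host as the
// virtual-host name, the way a reverse proxy or tenant router would, and
// returns the Host value the server actually received. Validation happens
// before the request is built, which protects unpatched clients; the patched
// client additionally refuses invalid hosts on its own.
func requestWithHost(host string) (string, error) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, r.Host)
	}))
	defer srv.Close()

	if !validHost(host) {
		return "", fmt.Errorf("refusing to send request with Host %q", host)
	}
	req, err := http.NewRequest(http.MethodGet, srv.URL+"/", nil)
	if err != nil {
		return "", err
	}
	req.Host = host
	resp, err := srv.Client().Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	seen, err := io.ReadAll(resp.Body)
	return string(seen), err
}

func main() {
	for _, h := range []string{
		"tenant-a.example.com",
		"[2001:db8::1]:8443",
		"tenant-a.example.com\r\nX-Injected: 1", // constructed header-injection attempt
	} {
		seen, err := requestWithHost(h)
		fmt.Printf("%q -> seen=%q err=%v\n", h, seen, err)
	}
}
```

The first two hosts are sent and echoed back unchanged; the third is refused before any bytes are written. On a fixed toolchain the client would also reject the third one itself, but keeping the check in the caller means the behaviour does not depend on which go-runtime version the image ships with.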