[0KRunning with gitlab-runner 16.9.1 (782c6ecb)[0;m [0K on green-6.saas-linux-small-amd64.runners-manager.gitlab.com/default YKxHNyexq, system ID: s_a201ab37b78a[0;m [0K feature flags: FF_USE_IMPROVED_URL_MASKING:true[0;m section_start:1711075508:resolve_secrets [0K[0K[36;1mResolving secrets[0;m[0;m section_end:1711075508:resolve_secrets [0Ksection_start:1711075508:prepare_executor [0K[0K[36;1mPreparing the "docker+machine" executor[0;m[0;m [0KUsing Docker executor with image registry.gitlab.com/security-products/container-scanning:6 ...[0;m [0KAuthenticating with credentials from job payload (GitLab Registry)[0;m [0KPulling docker image registry.gitlab.com/security-products/container-scanning:6 ...[0;m [0KUsing docker image sha256:12fc53752df3358a4ad7956d1bbd075bcdd83cfe1900ad571f818428b89b0d98 for registry.gitlab.com/security-products/container-scanning:6 with digest registry.gitlab.com/security-products/container-scanning@sha256:f19447369e4dce920308aa6114dddc15fc0aaf54d88d312fd858377aad98f875 ...[0;m section_end:1711075520:prepare_executor [0Ksection_start:1711075520:prepare_script [0K[0K[36;1mPreparing environment[0;m[0;m Running on runner-ykxhnyexq-project-56086886-concurrent-0 via runner-ykxhnyexq-s-l-s-amd64-1711075222-fedbd671... 
section_end:1711075525:prepare_script [0Ksection_start:1711075525:get_sources [0K[0K[36;1mGetting source from Git repository[0;m[0;m [32;1mSkipping Git repository setup[0;m [32;1mSkipping Git checkout[0;m [32;1mSkipping Git submodules setup[0;m section_end:1711075526:get_sources [0Ksection_start:1711075526:step_script [0K[0K[36;1mExecuting "step_script" stage of the job script[0;m[0;m [0KUsing docker image sha256:12fc53752df3358a4ad7956d1bbd075bcdd83cfe1900ad571f818428b89b0d98 for registry.gitlab.com/security-products/container-scanning:6 with digest registry.gitlab.com/security-products/container-scanning@sha256:f19447369e4dce920308aa6114dddc15fc0aaf54d88d312fd858377aad98f875 ...[0;m [32;1m$ gtcs scan[0;m [[32mINFO[0m] [2024-03-22 02:45:31 +0000] [container-scanning] > Remediation is disabled; /builds/gitlab-org/secure/tests/thiagocsf-secure-tests/test-cs-6.7.0/Dockerfile cannot be found. Have you set `GIT_STRATEGY` and `CS_DOCKERFILE_PATH`? See https://docs.gitlab.com/ee/user/application_security/container_scanning/#solutions-for-vulnerabilities-auto-remediation [[32mINFO[0m] [2024-03-22 02:45:32 +0000] [container-scanning] > Scanning container from registry registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0 for vulnerabilities with severity level UNKNOWN or higher, with gcs 6.7.0 and Trivy Version: 0.49.1, advisories updated at 2024-03-21T04:28:14+00:00 +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | STATUS | CVE SEVERITY | PACKAGE NAME | PACKAGE VERSION | CVE DESCRIPTION | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2019-3462 | apt | 1.4.8 | Incorrect sanitation of the 302 redirect field in HTTP transport metho | | | | | | d of apt versions 1.4.8 and earlier can lead to content 
injection by a | | | | | | MITM attacker, potentially leading to remote code execution on the ta | | | | | | rget machine. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2020-27350 | apt | 1.4.8 | APT had several integer overflows and underflows while parsing .deb pa | | | | | | ckages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extr | | | | | | acttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This | | | | | | issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1 | | | | | | .6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions | | | | | | prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0 | | | | | | .1; | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2020-3810 | apt | 1.4.8 | Missing input validation in the ar/tar implementations of APT before v | | | | | | ersion 2.1.2 could result in denial of service when processing special | | | | | | ly crafted deb files. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2016-2779 | bsdutils | 1:2.29.2-1+deb9u1 | runuser in util-linux allows local users to escape to the parent sessi | | | | | | on via a crafted TIOCSTI ioctl call, which pushes characters to the te | | | | | | rminal's input buffer. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2021-37600 | bsdutils | 1:2.29.2-1+deb9u1 | An integer overflow in util-linux through 2.37.1 can potentially cause | | | | | | a buffer overflow if an attacker were able to use system resources in | | | | | | a way that leads to a large number in the /proc/sysvipc/sem file. NOT | | | | | | E: this is unexploitable in GNU C Library environments, and possibly i | | | | | | n all realistic environments. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Critical CVE-2019-12900 | bzip2 | 1.0.6-8.1 | BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bo | | | | | | unds write when there are many selectors. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Unknown DLA-2593-1 | ca-certificates | 20161130+nmu1 | DLA-2593-1 | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2016-2781 | coreutils | 8.26-3 | chroot in GNU coreutils, when used with --userspec, allows local users | | | | | | to escape to the parent session via a crafted TIOCSTI ioctl call, whi | | | | | | ch pushes characters to the terminal's input buffer. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Unknown DLA-2948-1 | debian-archive-keyring | 2017.5 | DLA-2948-1 | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Critical CVE-2022-1664 | dpkg | 1.18.24 | Dpkg::Source::Archive in dpkg, the Debian package management system, b | | | | | | efore version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory | | | | | | traversal vulnerability. When extracting untrusted source packages in | | | | | | v2 and v3 source package formats that include a debian.tar, the in-pl | | | | | | ace extraction can lead to directory traversal situations on specially | | | | | | crafted orig.tar and debian.tar tarballs. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2022-1304 | e2fslibs | 1.43.4-2 | An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46. | | | | | | 5. This issue leads to a segmentation fault and possibly arbitrary cod | | | | | | e execution via a specially crafted filesystem. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2019-5094 | e2fslibs | 1.43.4-2 | An exploitable code execution vulnerability exists in the quota file f | | | | | | unctionality of E2fsprogs 1.45.3. A specially crafted ext4 partition c | | | | | | an cause an out-of-bounds write on the heap, resulting in code executi | | | | | | on. An attacker can corrupt a partition to trigger this vulnerability. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2019-5188 | e2fslibs | 1.43.4-2 | A code execution vulnerability exists in the directory rehashing funct | | | | | | ionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 director | | | | | | y can cause an out-of-bounds write on the stack, resulting in code exe | | | | | | cution. An attacker can corrupt a partition to trigger this vulnerabil | | | | | | ity. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2022-1304 | e2fsprogs | 1.43.4-2 | An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46. | | | | | | 5. This issue leads to a segmentation fault and possibly arbitrary cod | | | | | | e execution via a specially crafted filesystem. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2019-5094 | e2fsprogs | 1.43.4-2 | An exploitable code execution vulnerability exists in the quota file f | | | | | | unctionality of E2fsprogs 1.45.3. A specially crafted ext4 partition c | | | | | | an cause an out-of-bounds write on the heap, resulting in code executi | | | | | | on. An attacker can corrupt a partition to trigger this vulnerability. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2019-5188 | e2fsprogs | 1.43.4-2 | A code execution vulnerability exists in the directory rehashing funct | | | | | | ionality of E2fsprogs e2fsck 1.45.4. 
A specially crafted ext4 director | | | | | | y can cause an out-of-bounds write on the stack, resulting in code exe | | | | | | cution. An attacker can corrupt a partition to trigger this vulnerabil | | | | | | ity. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2018-12886 | gcc-6-base | 6.3.0-18+deb9u1 | stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in fu | | | | | | nction.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain | | | | | | circumstances) generate instruction sequences when targeting ARM targ | | | | | | ets that spill the address of the stack protector guard, which allows | | | | | | an attacker to bypass the protection of -fstack-protector, -fstack-pro | | | | | | tector-all, -fstack-protector-strong, and -fstack-protector-explicit a | | | | | | gainst stack overflow by controlling what the stack canary is compared | | | | | | against. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2018-1000858 | gpgv | 2.1.18-8~deb9u1 | GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CS | | | | | | RF) vulnerability in dirmngr that can result in Attacker controlled CS | | | | | | RF, Information Disclosure, DoS. This attack appear to be exploitable | | | | | | via Victim must perform a WKD request, e.g. enter an email address in | | | | | | the composer window of Thunderbird/Enigmail. This vulnerability appear | | | | | | s to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1 | | | | | | 099f060. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2018-12020 | gpgv | 2.1.18-8~deb9u1 | mainproc.c in GnuPG before 2.2.8 mishandles the original filename duri | | | | | | ng decryption and verification actions, which allows remote attackers | | | | | | to spoof the output that GnuPG sends on file descriptor 2 to other pro | | | | | | grams that use the "--status-fd 2" option. For example, the OpenPGP da | | | | | | ta might represent an original filename that contains line feed charac | | | | | | ters in conjunction with GOODSIG or VALIDSIG status codes. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2018-9234 | gpgv | 2.1.18-8~deb9u1 | GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key ce | | | | | | rtification requires an offline master Certify key, which results in a | | | | | | pparently valid certifications that occurred only with access to a sig | | | | | | ning subkey. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2019-14855 | gpgv | 2.1.18-8~deb9u1 | A flaw was found in the way certificate signatures could be forged usi | | | | | | ng collisions found in the SHA-1 algorithm. An attacker could use this | | | | | | weakness to create forged certificate signatures. This issue affects | | | | | | GnuPG versions before 2.2.18. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2022-1271 | gzip | 1.6-5+b1 | An arbitrary file write vulnerability was found in GNU gzip's zgrep ut | | | | | | ility. When zgrep is applied on the attacker's chosen file name (for e | | | | | | xample, a crafted file name), this can overwrite an attacker's content | | | | | | to an arbitrary attacker-selected file. This flaw occurs due to insuf | | | | | | ficient validation when processing filenames with two or more newlines | | | | | | where selected content and the target file names are embedded in craf | | | | | | ted multi-line file names. This flaw allows a remote, low privileged a | | | | | | ttacker to force zgrep to write arbitrary files on the system. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2019-3462 | libapt-pkg5.0 | 1.4.8 | Incorrect sanitation of the 302 redirect field in HTTP transport metho | | | | | | d of apt versions 1.4.8 and earlier can lead to content injection by a | | | | | | MITM attacker, potentially leading to remote code execution on the ta | | | | | | rget machine. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2020-27350 | libapt-pkg5.0 | 1.4.8 | APT had several integer overflows and underflows while parsing .deb pa | | | | | | ckages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extr | | | | | | acttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. 
This | | | | | | issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1 | | | | | | .6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions | | | | | | prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0 | | | | | | .1; | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2020-3810 | libapt-pkg5.0 | 1.4.8 | Missing input validation in the ar/tar implementations of APT before v | | | | | | ersion 2.1.2 could result in denial of service when processing special | | | | | | ly crafted deb files. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2021-26720 | libavahi-client3 | 0.6.32-2 | avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is | | | | | | executed as root via /etc/network/if-up.d/avahi-daemon, and allows a | | | | | | local attacker to cause a denial of service or create arbitrary empty | | | | | | files via a symlink attack on files under /run/avahi-daemon. NOTE: thi | | | | | | s only affects the packaging for Debian GNU/Linux (used indirectly by | | | | | | SUSE), not the upstream Avahi product. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2021-3468 | libavahi-client3 | 0.6.32-2 | A flaw was found in avahi in versions 0.6 up to 0.8. The event used to | | | | | | signal the termination of the client connection on the avahi Unix soc | | | | | | ket is not correctly handled in the client_work function, allowing a l | | | | | | ocal attacker to trigger an infinite loop. 
The highest threat from thi | | | | | | s vulnerability is to the availability of the avahi service, which bec | | | | | | omes unresponsive after this flaw is triggered. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2021-26720 | libavahi-common-data | 0.6.32-2 | avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is | | | | | | executed as root via /etc/network/if-up.d/avahi-daemon, and allows a | | | | | | local attacker to cause a denial of service or create arbitrary empty | | | | | | files via a symlink attack on files under /run/avahi-daemon. NOTE: thi | | | | | | s only affects the packaging for Debian GNU/Linux (used indirectly by | | | | | | SUSE), not the upstream Avahi product. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2021-3468 | libavahi-common-data | 0.6.32-2 | A flaw was found in avahi in versions 0.6 up to 0.8. The event used to | | | | | | signal the termination of the client connection on the avahi Unix soc | | | | | | ket is not correctly handled in the client_work function, allowing a l | | | | | | ocal attacker to trigger an infinite loop. The highest threat from thi | | | | | | s vulnerability is to the availability of the avahi service, which bec | | | | | | omes unresponsive after this flaw is triggered. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2021-26720 | libavahi-common3 | 0.6.32-2 | avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is | | | | | | executed as root via /etc/network/if-up.d/avahi-daemon, and allows a | | | | | | local attacker to cause a denial of service or create arbitrary empty | | | | | | files via a symlink attack on files under /run/avahi-daemon. NOTE: thi | | | | | | s only affects the packaging for Debian GNU/Linux (used indirectly by | | | | | | SUSE), not the upstream Avahi product. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2021-3468 | libavahi-common3 | 0.6.32-2 | A flaw was found in avahi in versions 0.6 up to 0.8. The event used to | | | | | | signal the termination of the client connection on the avahi Unix soc | | | | | | ket is not correctly handled in the client_work function, allowing a l | | | | | | ocal attacker to trigger an infinite loop. The highest threat from thi | | | | | | s vulnerability is to the availability of the avahi service, which bec | | | | | | omes unresponsive after this flaw is triggered. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2016-2779 | libblkid1 | 2.29.2-1+deb9u1 | runuser in util-linux allows local users to escape to the parent sessi | | | | | | on via a crafted TIOCSTI ioctl call, which pushes characters to the te | | | | | | rminal's input buffer. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2021-37600 | libblkid1 | 2.29.2-1+deb9u1 | An integer overflow in util-linux through 2.37.1 can potentially cause | | | | | | a buffer overflow if an attacker were able to use system resources in | | | | | | a way that leads to a large number in the /proc/sysvipc/sem file. NOT | | | | | | E: this is unexploitable in GNU C Library environments, and possibly i | | | | | | n all realistic environments. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Critical CVE-2019-20367 | libbsd0 | 0.8.3-1 | nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a com | | | | | | parison for a symbol name from the string table (strtab). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Critical CVE-2019-12900 | libbz2-1.0 | 1.0.6-8.1 | BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bo | | | | | | unds write when there are many selectors. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Critical CVE-2017-18269 | libc-bin | 2.24-11+deb9u3 | An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686 | | | | | | /multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or | | | | | | libc6) 2.21 through 2.27 does not correctly perform the overlapping me | | | | | | mory check if the source memory range spans the middle of the address | | | | | | space, resulting in corrupt data being produced by the copy operation. 
| | | | | | This may disclose information to context-dependent attackers, or resu | | | | | | lt in a denial of service, or, possibly, code execution. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2017-1000408 | libc-bin | 2.24-11+deb9u3 | A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached | | | | | | and amplified through the LD_HWCAP_MASK environment variable. Please | | | | | | note that many versions of glibc are not vulnerable to this issue if p | | | | | | atched for CVE-2017-1000366. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2017-1000409 | libc-bin | 2.24-11+deb9u3 | A buffer overflow in glibc 2.5 (released on September 29, 2006) and ca | | | | | | n be triggered through the LD_LIBRARY_PATH environment variable. Pleas | | | | | | e note that many versions of glibc are not vulnerable to this issue if | | | | | | patched for CVE-2017-1000366. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2017-16997 | libc-bin | 2.24-11+deb9u3 | elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2 | | | | | | .26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged ( | | | | | | setuid or AT_SECURE) program, which allows local users to gain privile | | | | | | ges via a Trojan horse library in the current working directory, relat | | | | | | ed to the fillin_rpath and decompose_rpath functions. This is associat | | | | | | ed with misinterpretion of an empty RPATH/RUNPATH token as the "./" di | | | | | | rectory. 
NOTE: this configuration of RPATH/RUNPATH for a privileged pr | | | | | | ogram is apparently very uncommon; most likely, no such program is shi | | | | | | pped with any common Linux distribution. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2017-15670 | libc-bin | 2.24-11+deb9u3 | The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by- | | | | | | one error leading to a heap-based buffer overflow in the glob function | | | | | | in glob.c, related to the processing of home directories using the ~ | | | | | | operator followed by a long string. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2017-15671 | libc-bin | 2.24-11+deb9u3 | The glob function in glob.c in the GNU C Library (aka glibc or libc6) | | | | | | before 2.27, when invoked with GLOB_TILDE, could skip freeing allocate | | | | | | d memory when processing the ~ operator with a long user name, potenti | | | | | | ally leading to a denial of service (memory leak). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2017-15804 | libc-bin | 2.24-11+deb9u3 | The glob function in glob.c in the GNU C Library (aka glibc or libc6) | | | | | | before 2.27 contains a buffer overflow during unescaping of user names | | | | | | with the ~ operator. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2018-11236 | libc-bin | 2.24-11+deb9u3 | stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 a | | | | | | nd earlier, when processing very long pathname arguments to the realpa | | | | | | th function, could encounter an integer overflow on 32-bit architectur | | | | | | es, leading to a stack-based buffer overflow and, potentially, arbitra | | | | | | ry code execution. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2018-11237 | libc-bin | 2.24-11+deb9u3 | An AVX-512-optimized implementation of the mempcpy function in the GNU | | | | | | C Library (aka glibc or libc6) 2.27 and earlier may write data beyond | | | | | | the target buffer, leading to a buffer overflow in __mempcpy_avx512_n | | | | | | o_vzeroupper. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Critical CVE-2017-18269 | libc6 | 2.24-11+deb9u3 | An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686 | | | | | | /multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or | | | | | | libc6) 2.21 through 2.27 does not correctly perform the overlapping me | | | | | | mory check if the source memory range spans the middle of the address | | | | | | space, resulting in corrupt data being produced by the copy operation. | | | | | | This may disclose information to context-dependent attackers, or resu | | | | | | lt in a denial of service, or, possibly, code execution. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2017-1000408 | libc6 | 2.24-11+deb9u3 | A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached | | | | | | and amplified through the LD_HWCAP_MASK environment variable. Please | | | | | | note that many versions of glibc are not vulnerable to this issue if p | | | | | | atched for CVE-2017-1000366. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2017-1000409 | libc6 | 2.24-11+deb9u3 | A buffer overflow in glibc 2.5 (released on September 29, 2006) and ca | | | | | | n be triggered through the LD_LIBRARY_PATH environment variable. Pleas | | | | | | e note that many versions of glibc are not vulnerable to this issue if | | | | | | patched for CVE-2017-1000366. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2017-16997 | libc6 | 2.24-11+deb9u3 | elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2 | | | | | | .26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged ( | | | | | | setuid or AT_SECURE) program, which allows local users to gain privile | | | | | | ges via a Trojan horse library in the current working directory, relat | | | | | | ed to the fillin_rpath and decompose_rpath functions. This is associat | | | | | | ed with misinterpretion of an empty RPATH/RUNPATH token as the "./" di | | | | | | rectory. NOTE: this configuration of RPATH/RUNPATH for a privileged pr | | | | | | ogram is apparently very uncommon; most likely, no such program is shi | | | | | | pped with any common Linux distribution. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2017-15670 | libc6 | 2.24-11+deb9u3 | The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by- | | | | | | one error leading to a heap-based buffer overflow in the glob function | | | | | | in glob.c, related to the processing of home directories using the ~ | | | | | | operator followed by a long string. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2017-15671 | libc6 | 2.24-11+deb9u3 | The glob function in glob.c in the GNU C Library (aka glibc or libc6) | | | | | | before 2.27, when invoked with GLOB_TILDE, could skip freeing allocate | | | | | | d memory when processing the ~ operator with a long user name, potenti | | | | | | ally leading to a denial of service (memory leak). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2017-15804 | libc6 | 2.24-11+deb9u3 | The glob function in glob.c in the GNU C Library (aka glibc or libc6) | | | | | | before 2.27 contains a buffer overflow during unescaping of user names | | | | | | with the ~ operator. 
| Unapproved | Low CVE-2018-11236 | libc6 | 2.24-11+deb9u3 | stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. |
| Unapproved | Low CVE-2018-11237 | libc6 | 2.24-11+deb9u3 | An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. |
| Unapproved | High CVE-2022-1304 | libcomerr2 | 1.43.4-2 | An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. |
| Unapproved | Medium CVE-2019-5094 | libcomerr2 | 1.43.4-2 | An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. |
| Unapproved | Medium CVE-2019-5188 | libcomerr2 | 1.43.4-2 | A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. |
| Unapproved | High CVE-2017-15400 | libcups2 | 2.2.1-8+deb9u1 | Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue. |
| Unapproved | High CVE-2018-4180 | libcups2 | 2.2.1-8+deb9u1 | In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. |
| Unapproved | High CVE-2018-6553 | libcups2 | 2.2.1-8+deb9u1 | The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS. |
| Unapproved | High CVE-2019-8675 | libcups2 | 2.2.1-8+deb9u1 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code. |
| Unapproved | High CVE-2019-8696 | libcups2 | 2.2.1-8+deb9u1 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code. |
| Unapproved | High CVE-2020-3898 | libcups2 | 2.2.1-8+deb9u1 | A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges. |
| Unapproved | Medium CVE-2017-18248 | libcups2 | 2.2.1-8+deb9u1 | The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification. |
| Unapproved | Medium CVE-2018-4181 | libcups2 | 2.2.1-8+deb9u1 | In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions. |
| Unapproved | Medium CVE-2018-4300 | libcups2 | 2.2.1-8+deb9u1 | The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10. |
| Unapproved | Medium CVE-2019-2180 | libcups2 | 2.2.1-8+deb9u1 | In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the printer service with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Unapproved | Medium CVE-2019-2228 | libcups2 | 2.2.1-8+deb9u1 | In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-111210196 |
| Unapproved | Medium CVE-2020-10001 | libcups2 | 2.2.1-8+deb9u1 | An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory. |
| Unapproved | Medium CVE-2022-26691 | libcups2 | 2.2.1-8+deb9u1 | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. |
| Unapproved | Low CVE-2019-8842 | libcups2 | 2.2.1-8+deb9u1 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs. |
| Unapproved | Critical CVE-2019-8457 | libdb5.3 | 5.3.28-12+deb9u1 | SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. |
| Unapproved | High CVE-2019-12749 | libdbus-1-3 | 1.10.26-0+deb9u1 | dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. |
| Unapproved | High CVE-2020-35512 | libdbus-1-3 | 1.10.26-0+deb9u1 | A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors |
| Unapproved | Medium CVE-2020-12049 | libdbus-1-3 | 1.10.26-0+deb9u1 | An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. |
| Unapproved | Critical CVE-2022-22822 | libexpat1 | 2.2.0-2+deb9u1 | addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
| Unapproved | Critical CVE-2022-22823 | libexpat1 | 2.2.0-2+deb9u1 | build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
| Unapproved | Critical CVE-2022-22824 | libexpat1 | 2.2.0-2+deb9u1 | defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
| Unapproved | Critical CVE-2022-23852 | libexpat1 | 2.2.0-2+deb9u1 | Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. |
| Unapproved | Critical CVE-2022-25235 | libexpat1 | 2.2.0-2+deb9u1 | xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. |
| Unapproved | Critical CVE-2022-25236 | libexpat1 | 2.2.0-2+deb9u1 | xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. |
| Unapproved | Critical CVE-2022-25315 | libexpat1 | 2.2.0-2+deb9u1 | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. |
| Unapproved | High CVE-2018-20843 | libexpat1 | 2.2.0-2+deb9u1 | In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). |
| Unapproved | High CVE-2019-15903 | libexpat1 | 2.2.0-2+deb9u1 | In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. |
| Unapproved | High CVE-2021-45960 | libexpat1 | 2.2.0-2+deb9u1 | In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). |
| Unapproved | High CVE-2021-46143 | libexpat1 | 2.2.0-2+deb9u1 | In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. |
| Unapproved | High CVE-2022-22825 | libexpat1 | 2.2.0-2+deb9u1 | lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
| Unapproved | High CVE-2022-22826 | libexpat1 | 2.2.0-2+deb9u1 | nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
| Unapproved | High CVE-2022-22827 | libexpat1 | 2.2.0-2+deb9u1 | storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
| Unapproved | High CVE-2022-23990 | libexpat1 | 2.2.0-2+deb9u1 | Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. |
| Unapproved | Medium CVE-2022-25313 | libexpat1 | 2.2.0-2+deb9u1 | In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. |
| Unapproved | High CVE-2016-2779 | libfdisk1 | 2.29.2-1+deb9u1 | runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. |
| Unapproved | Low CVE-2021-37600 | libfdisk1 | 2.29.2-1+deb9u1 | An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments. |
| Unapproved | Critical CVE-2022-27404 | libfreetype6 | 2.6.3-3.2 | FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. |
| Unapproved | High CVE-2022-27405 | libfreetype6 | 2.6.3-3.2 | FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. |
| Unapproved | High CVE-2022-27406 | libfreetype6 | 2.6.3-3.2 | FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. |
| Unapproved | Medium CVE-2020-15999 | libfreetype6 | 2.6.3-3.2 | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| Unapproved | High CVE-2018-12886 | libgcc1 | 1:6.3.0-18+deb9u1 | stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against. |
| Unapproved | High CVE-2021-33560 | libgcrypt20 | 1.7.6-2+deb9u2 | Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP. |
| Unapproved | Medium CVE-2018-0495 | libgcrypt20 | 1.7.6-2+deb9u2 | Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. |
| Unapproved | Medium CVE-2019-13627 | libgcrypt20 | 1.7.6-2+deb9u2 | It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. |
| Unapproved | Medium CVE-2021-40528 | libgcrypt20 | 1.7.6-2+deb9u2 | The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP. |
| Unapproved | High CVE-2021-43618 | libgmp10 | 2:6.1.2+dfsg-1 | GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. |
| Unapproved | High CVE-2019-3829 | libgnutls30 | 3.5.8-5+deb9u3 | A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. |
| Unapproved | Medium CVE-2018-10844 | libgnutls30 | 3.5.8-5+deb9u3 | It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. |
| Unapproved | Medium CVE-2018-10845 | libgnutls30 | 3.5.8-5+deb9u3 | It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets. |
| Unapproved | Medium CVE-2018-10846 | libgnutls30 | 3.5.8-5+deb9u3 | A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets. |
| Unapproved | Medium CVE-2018-16868 | libgnutls30 | 3.5.8-5+deb9u3 | A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. |
| Unapproved | Medium CVE-2021-4209 | libgnutls30 | 3.5.8-5+deb9u3 | A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. |
| Unapproved | Unknown DLA-2759-1 | libgnutls30 | 3.5.8-5+deb9u3 | DLA-2759-1 |
| Unapproved | High CVE-2020-28196 | libgssapi-krb5-2 | 1.15-1+deb9u1 | MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. |
| Unapproved | Medium CVE-2018-20217 | libgssapi-krb5-2 | 1.15-1+deb9u1 | A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. |
| Unapproved | Medium CVE-2018-5710 | libgssapi-krb5-2 | 1.15-1+deb9u1 | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client. |
| Unapproved | Medium CVE-2018-5729 | libgssapi-krb5-2 | 1.15-1+deb9u1 | MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module. |
| Unapproved | Medium CVE-2021-37750 | libgssapi-krb5-2 | 1.15-1+deb9u1 | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. |
| Unapproved | Low CVE-2017-11462 | libgssapi-krb5-2 | 1.15-1+deb9u1 | Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. |
| Unapproved | Low CVE-2018-5730 | libgssapi-krb5-2 | 1.15-1+deb9u1 | MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. |
| Unapproved | High CVE-2021-20305 | libhogweed4 | 3.3-1+b2 | A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. |
| Unapproved | High CVE-2021-3580 | libhogweed4 | 3.3-1+b2 | A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service. |
| Unapproved | Medium CVE-2018-16869 | libhogweed4 | 3.3-1+b2 | A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. |
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Critical CVE-2017-14062 | libidn11 | 1.33-1 | Integer overflow in the decode_digit function in puny_decode.c in Libi | | | | | | dn2 before 2.0.4 allows remote attackers to cause a denial of service | | | | | | or possibly have unspecified other impact. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2019-2201 | libjpeg62-turbo | 1:1.5.1-2 | In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is | | | | | | a possible out of bounds write due to a missing bounds check. This co | | | | | | uld lead to remote code execution in an unprivileged process with no a | | | | | | dditional execution privileges needed. User interaction is needed for | | | | | | exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android | | | | | | -9 Android-10Android ID: A-120551338 | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2020-13790 | libjpeg62-turbo | 1:1.5.1-2 | libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-r | | | | | | ead in get_rgb_row() in rdppm.c via a malformed PPM input file. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2020-14152 | libjpeg62-turbo | 1:1.5.1-2 | In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs. | | | | | | c in djpeg does not honor the max_memory_to_use setting, possibly caus | | | | | | ing excessive memory consumption. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2018-1152 | libjpeg62-turbo | 1:1.5.1-2 | libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerabilit | | | | | | y caused by a divide by zero when processing a crafted BMP image. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2018-14498 | libjpeg62-turbo | 1:1.5.1-2 | get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG th | | | | | | rough 3.3.1 allows attackers to cause a denial of service (heap-based | | | | | | buffer over-read and application crash) via a crafted 8-bit BMP in whi | | | | | | ch one or more of the color indices is out of range for the number of | | | | | | palette entries. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2020-28196 | libk5crypto3 | 1.15-1+deb9u1 | MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allow | | | | | | s unbounded recursion via an ASN.1-encoded Kerberos message because th | | | | | | e lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lack | | | | | | s a recursion limit. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2018-20217 | libk5crypto3 | 1.15-1+deb9u1 | A Reachable Assertion issue was discovered in the KDC in MIT Kerberos | | | | | | 5 (aka krb5) before 1.17. 
If an attacker can obtain a krbtgt ticket us | | | | | | ing an older encryption type (single-DES, triple-DES, or RC4), the att | | | | | | acker can crash the KDC by making an S4U2Self request. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2018-5710 | libk5crypto3 | 1.15-1+deb9u1 | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The | | | | | | pre-defined function "strlen" is getting a "NULL" string as a paramet | | | | | | er value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key | | | | | | Distribution Center (KDC), which allows remote authenticated users to | | | | | | cause a denial of service (NULL pointer dereference) via a modified ka | | | | | | dmin client. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2018-5729 | libk5crypto3 | 1.15-1+deb9u1 | MIT krb5 1.6 or later allows an authenticated kadmin with permission t | | | | | | o add principals to an LDAP Kerberos database to cause a denial of ser | | | | | | vice (NULL pointer dereference) or bypass a DN container check by supp | | | | | | lying tagged data that is internal to the database module. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2021-37750 | libk5crypto3 | 1.15-1+deb9u1 | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before | | | | | | 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/ | | | | | | do_tgs_req.c via a FAST inner body that lacks a server field. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2017-11462 | libk5crypto3 | 1.15-1+deb9u1 | Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attacker | | | | | | s to have unspecified impact via vectors involving automatic deletion | | | | | | of security contexts on error. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2018-5730 | libk5crypto3 | 1.15-1+deb9u1 | MIT krb5 1.6 or later allows an authenticated kadmin with permission t | | | | | | o add principals to an LDAP Kerberos database to circumvent a DN conta | | | | | | inership check by supplying both a "linkdn" and "containerdn" database | | | | | | argument, or by supplying a DN string which is a left extension of a | | | | | | container DN string but is not hierarchically within the container DN. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2020-28196 | libkrb5-3 | 1.15-1+deb9u1 | MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allow | | | | | | s unbounded recursion via an ASN.1-encoded Kerberos message because th | | | | | | e lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lack | | | | | | s a recursion limit. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2018-20217 | libkrb5-3 | 1.15-1+deb9u1 | A Reachable Assertion issue was discovered in the KDC in MIT Kerberos | | | | | | 5 (aka krb5) before 1.17. 
If an attacker can obtain a krbtgt ticket us | | | | | | ing an older encryption type (single-DES, triple-DES, or RC4), the att | | | | | | acker can crash the KDC by making an S4U2Self request. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2018-5710 | libkrb5-3 | 1.15-1+deb9u1 | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The | | | | | | pre-defined function "strlen" is getting a "NULL" string as a paramet | | | | | | er value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key | | | | | | Distribution Center (KDC), which allows remote authenticated users to | | | | | | cause a denial of service (NULL pointer dereference) via a modified ka | | | | | | dmin client. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2018-5729 | libkrb5-3 | 1.15-1+deb9u1 | MIT krb5 1.6 or later allows an authenticated kadmin with permission t | | | | | | o add principals to an LDAP Kerberos database to cause a denial of ser | | | | | | vice (NULL pointer dereference) or bypass a DN container check by supp | | | | | | lying tagged data that is internal to the database module. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2021-37750 | libkrb5-3 | 1.15-1+deb9u1 | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before | | | | | | 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/ | | | | | | do_tgs_req.c via a FAST inner body that lacks a server field. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2017-11462 | libkrb5-3 | 1.15-1+deb9u1 | Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attacker | | | | | | s to have unspecified impact via vectors involving automatic deletion | | | | | | of security contexts on error. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2018-5730 | libkrb5-3 | 1.15-1+deb9u1 | MIT krb5 1.6 or later allows an authenticated kadmin with permission t | | | | | | o add principals to an LDAP Kerberos database to circumvent a DN conta | | | | | | inership check by supplying both a "linkdn" and "containerdn" database | | | | | | argument, or by supplying a DN string which is a left extension of a | | | | | | container DN string but is not hierarchically within the container DN. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2020-28196 | libkrb5support0 | 1.15-1+deb9u1 | MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allow | | | | | | s unbounded recursion via an ASN.1-encoded Kerberos message because th | | | | | | e lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lack | | | | | | s a recursion limit. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2018-20217 | libkrb5support0 | 1.15-1+deb9u1 | A Reachable Assertion issue was discovered in the KDC in MIT Kerberos | | | | | | 5 (aka krb5) before 1.17. 
If an attacker can obtain a krbtgt ticket us | | | | | | ing an older encryption type (single-DES, triple-DES, or RC4), the att | | | | | | acker can crash the KDC by making an S4U2Self request. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2018-5710 | libkrb5support0 | 1.15-1+deb9u1 | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The | | | | | | pre-defined function "strlen" is getting a "NULL" string as a paramet | | | | | | er value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key | | | | | | Distribution Center (KDC), which allows remote authenticated users to | | | | | | cause a denial of service (NULL pointer dereference) via a modified ka | | | | | | dmin client. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2018-5729 | libkrb5support0 | 1.15-1+deb9u1 | MIT krb5 1.6 or later allows an authenticated kadmin with permission t | | | | | | o add principals to an LDAP Kerberos database to cause a denial of ser | | | | | | vice (NULL pointer dereference) or bypass a DN container check by supp | | | | | | lying tagged data that is internal to the database module. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2021-37750 | libkrb5support0 | 1.15-1+deb9u1 | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before | | | | | | 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/ | | | | | | do_tgs_req.c via a FAST inner body that lacks a server field. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2017-11462 | libkrb5support0 | 1.15-1+deb9u1 | Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attacker | | | | | | s to have unspecified impact via vectors involving automatic deletion | | | | | | of security contexts on error. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2018-5730 | libkrb5support0 | 1.15-1+deb9u1 | MIT krb5 1.6 or later allows an authenticated kadmin with permission t | | | | | | o add principals to an LDAP Kerberos database to circumvent a DN conta | | | | | | inership check by supplying both a "linkdn" and "containerdn" database | | | | | | argument, or by supplying a DN string which is a left extension of a | | | | | | container DN string but is not hierarchically within the container DN. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2018-16435 | liblcms2-2 | 2.8-4 | Little CMS (aka Little Color Management System) 2.9 has an integer ove | | | | | | rflow in the AllocateDataSet function in cmscgats.c, leading to a heap | | | | | | -based buffer overflow in the SetData function via a crafted file in t | | | | | | he second argument to cmsIT8LoadFromFile. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Critical CVE-2021-3520 | liblz4-1 | 0.0~r131-2+b1 | There's a flaw in lz4. 
An attacker who submits a crafted file to an ap | | | | | | plication linked with lz4 may be able to trigger an integer overflow, | | | | | | leading to calling of memmove() on a negative size argument, causing a | | | | | | n out-of-bounds write and/or a crash. The greatest impact of this flaw | | | | | | is to availability, with some potential impact to confidentiality and | | | | | | integrity as well. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2019-17543 | liblz4-1 | 0.0~r131-2+b1 | LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (rela | | | | | | ted to LZ4_compress_destSize), affecting applications that call LZ4_co | | | | | | mpress_fast with a large input. (This issue can also lead to data corr | | | | | | uption.) NOTE: the vendor states "only a few specific / uncommon usage | | | | | | s of the API are at risk." | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2022-1271 | liblzma5 | 5.2.2-1.2+b1 | An arbitrary file write vulnerability was found in GNU gzip's zgrep ut | | | | | | ility. When zgrep is applied on the attacker's chosen file name (for e | | | | | | xample, a crafted file name), this can overwrite an attacker's content | | | | | | to an arbitrary attacker-selected file. This flaw occurs due to insuf | | | | | | ficient validation when processing filenames with two or more newlines | | | | | | where selected content and the target file names are embedded in craf | | | | | | ted multi-line file names. This flaw allows a remote, low privileged a | | | | | | ttacker to force zgrep to write arbitrary files on the system. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2016-2779 | libmount1 | 2.29.2-1+deb9u1 | runuser in util-linux allows local users to escape to the parent sessi | | | | | | on via a crafted TIOCSTI ioctl call, which pushes characters to the te | | | | | | rminal's input buffer. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2021-37600 | libmount1 | 2.29.2-1+deb9u1 | An integer overflow in util-linux through 2.37.1 can potentially cause | | | | | | a buffer overflow if an attacker were able to use system resources in | | | | | | a way that leads to a large number in the /proc/sysvipc/sem file. NOT | | | | | | E: this is unexploitable in GNU C Library environments, and possibly i | | | | | | n all realistic environments. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2022-29458 | libncursesw5 | 6.0+20161126-1+deb9u2 | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmen | | | | | | tation violation in convert_strings in tinfo/read_entry.c in the termi | | | | | | nfo library. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2018-19211 | libncursesw5 | 6.0+20161126-1+deb9u2 | In ncurses 6.1, there is a NULL pointer dereference at function _nc_pa | | | | | | rse_entry in parse_entry.c that will lead to a denial of service attac | | | | | | k. 
The product proceeds to the dereference code path even after a "dub | | | | | | ious character `*' in name or alias field" detection. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2019-17594 | libncursesw5 | 6.0+20161126-1+deb9u2 | There is a heap-based buffer over-read in the _nc_find_entry function | | | | | | in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-201 | | | | | | 91012. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2019-17595 | libncursesw5 | 6.0+20161126-1+deb9u2 | There is a heap-based buffer over-read in the fmt_entry function in ti | | | | | | nfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012 | | | | | | . | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2021-20305 | libnettle6 | 3.3-1+b2 | A flaw was found in Nettle in versions before 3.7.2, where several Net | | | | | | tle signature verification functions (GOST DSA, EDDSA & ECDSA) result | | | | | | in the Elliptic Curve Cryptography point (ECC) multiply function being | | | | | | called with out-of-range scalers, possibly resulting in incorrect res | | | | | | ults. This flaw allows an attacker to force an invalid signature, caus | | | | | | ing an assertion failure or possible validation. The highest threat to | | | | | | this vulnerability is to confidentiality, integrity, as well as syste | | | | | | m availability. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2021-3580 | libnettle6 | 3.3-1+b2 | A flaw was found in the way nettle's RSA decryption functions handled | | | | | | specially crafted ciphertext. An attacker could use this flaw to provi | | | | | | de a manipulated ciphertext leading to application crash and denial of | | | | | | service. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2018-16869 | libnettle6 | 3.3-1+b2 | A Bleichenbacher type side-channel based padding oracle attack was fou | | | | | | nd in the way nettle handles endian conversion of RSA decrypted PKCS#1 | | | | | | v1.5 data. An attacker who is able to run a process on the same physi | | | | | | cal core as the victim process, could use this flaw extract plaintext | | | | | | or in some cases downgrade any TLS connections to a vulnerable server. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Critical CVE-2019-17006 | libnss3 | 2:3.26.2-1.1+deb9u1 | In Network Security Services (NSS) before 3.46, several cryptographic | | | | | | primitives had missing length checks. In cases where the application c | | | | | | alling the library did not perform a sanity check on the inputs it cou | | | | | | ld result in a crash due to a buffer overflow. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Critical CVE-2020-12403 | libnss3 | 2:3.26.2-1.1+deb9u1 | A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS i | | | | | | n versions before 3.55. When using multi-part Chacha20, it could cause | | | | | | out-of-bounds reads. This issue was fixed by explicitly disabling mul | | | | | | ti-part ChaCha20 (which was not functioning correctly) and strictly en | | | | | | forcing tag length. The highest threat from this vulnerability is to c | | | | | | onfidentiality and system availability. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Critical CVE-2021-43527 | libnss3 | 2:3.26.2-1.1+deb9u1 | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR a | | | | | | re vulnerable to a heap overflow when handling DER-encoded DSA or RSA- | | | | | | PSS signatures. Applications using NSS for handling signatures encoded | | | | | | within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. | | | | | | Applications using NSS for certificate validation or other TLS, X.509 | | | | | | , OCSP or CRL functionality may be impacted, depending on how they con | | | | | | figure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox. | | | | | | * However, email clients and PDF viewers that use NSS for signature ve | | | | | | rification, such as Thunderbird, LibreOffice, Evolution and Evince are | | | | | | believed to be impacted. This vulnerability affects NSS < 3.73 and NS | | | | | | S < 3.68.1. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2019-11719 | libnss3 | 2:3.26.2-1.1+deb9u1 | When importing a curve25519 private key in PKCS#8format with leading 0 | | | | | | x00 bytes, it is possible to trigger an out-of-bounds read in the Netw | | | | | | ork Security Services (NSS) library. This could lead to information di | | | | | | sclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, | | | | | | and Thunderbird < 60.8. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2019-11729 | libnss3 | 2:3.26.2-1.1+deb9u1 | Empty or malformed p256-ECDH public keys may trigger a segmentation fa | | | | | | ult due values being improperly sanitized before being copied into mem | | | | | | ory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < | | | | | | 68, and Thunderbird < 60.8. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2019-11745 | libnss3 | 2:3.26.2-1.1+deb9u1 | When encrypting with a block cipher, if a call to NSC_EncryptUpdate wa | | | | | | s made with data smaller than the block size, a small out of bounds wr | | | | | | ite could occur. This could have caused heap corruption and a potentia | | | | | | lly exploitable crash. This vulnerability affects Thunderbird < 68.3, | | | | | | Firefox ESR < 68.3, and Firefox < 71. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2019-17007 | libnss3 | 2:3.26.2-1.1+deb9u1 | In Network Security Services before 3.44, a malformed Netscape Certifi | | | | | | cate Sequence can cause NSS to crash, resulting in a denial of service | | | | | | . | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2020-25648 | libnss3 | 2:3.26.2-1.1+deb9u1 | A flaw was found in the way NSS handled CCS (ChangeCipherSpec) message | | | | | | s in TLS 1.3. This flaw allows a remote attacker to send multiple CCS | | | | | | messages, causing a denial of service for servers compiled with the NS | | | | | | S library. The highest threat from this vulnerability is to system ava | | | | | | ilability. This flaw affects NSS versions before 3.58. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2018-12404 | libnss3 | 2:3.26.2-1.1+deb9u1 | A cached side channel attack during handshakes using RSA encryption co | | | | | | uld allow for the decryption of encrypted content. This is a variant o | | | | | | f the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) an | | | | | | d affects all NSS versions prior to NSS 3.41. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2018-18508 | libnss3 | 2:3.26.2-1.1+deb9u1 | In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a | | | | | | malformed signature can cause a crash due to a null dereference, resul | | | | | | ting in a Denial of Service. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2019-11727 | libnss3 | 2:3.26.2-1.1+deb9u1 | A vulnerability exists where it possible to force Network Security Ser | | | | | | vices (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when | | | | | | those are the only ones advertised by server in CertificateRequest in | | | | | | TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messag | | | | | | es. This vulnerability affects Firefox < 68. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2020-12399 | libnss3 | 2:3.26.2-1.1+deb9u1 | NSS has shown timing differences when performing DSA signatures, which | | | | | | was exploitable and could eventually leak private keys. This vulnerab | | | | | | ility affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68 | | | | | | .9. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2020-12400 | libnss3 | 2:3.26.2-1.1+deb9u1 | When converting coordinates from projective to affine, the modular inv | | | | | | ersion was not performed in constant time, resulting in a possible tim | | | | | | ing-based side channel attack. 
This vulnerability affects Firefox < 80 | | | | | | and Firefox for Android < 80. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2020-12401 | libnss3 | 2:3.26.2-1.1+deb9u1 | During ECDSA signature generation, padding applied in the nonce design | | | | | | ed to ensure constant-time scalar multiplication was removed, resultin | | | | | | g in variable-time execution dependent on secret data. This vulnerabil | | | | | | ity affects Firefox < 80 and Firefox for Android < 80. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2020-12402 | libnss3 | 2:3.26.2-1.1+deb9u1 | During RSA key generation, bignum implementations used a variation of | | | | | | the Binary Extended Euclidean Algorithm which entailed significantly i | | | | | | nput-dependent flow. This allowed an attacker able to perform electrom | | | | | | agnetic-based side channel attacks to record traces leading to the rec | | | | | | overy of the secret primes. *Note:* An unmodified Firefox browser does | | | | | | not generate RSA keys in normal operation and is not affected, but pr | | | | | | oducts built on top of it might. This vulnerability affects Firefox < | | | | | | 78. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2020-12413 | libnss3 | 2:3.26.2-1.1+deb9u1 | The Raccoon attack is a timing attack on DHE ciphersuites inherit in t | | | | | | he TLS specification. To mitigate this vulnerability, Firefox disabled | | | | | | support for DHE ciphersuites. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2020-6829 | libnss3 | 2:3.26.2-1.1+deb9u1 | When performing EC scalar point multiplication, the wNAF point multipl | | | | | | ication algorithm was used; which leaked partial information about the | | | | | | nonce used during signature generation. Given an electro-magnetic tra | | | | | | ce of a few signature generations, the private key could have been com | | | | | | puted. This vulnerability affects Firefox < 80 and Firefox for Android | | | | | | < 80. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2022-22747 | libnss3 | 2:3.26.2-1.1+deb9u1 | After accepting an untrusted certificate, handling an empty pkcs7 sequ | | | | | | ence as part of the certificate data could have lead to a crash. This | | | | | | crash is believed to be unexploitable. This vulnerability affects Fire | | | | | | fox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2018-12384 | libnss3 | 2:3.26.2-1.1+deb9u1 | When handling a SSLv2-compatible ClientHello request, the server doesn | | | | | | 't generate a new random value but sends an all-zero value instead. Th | | | | | | is results in full malleability of the ClientHello for SSLv2 used for | | | | | | TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1. | | | | | | 3. 
| Unapproved | Unknown DLA-2836-2 | libnss3 | 2:3.26.2-1.1+deb9u1 | DLA-2836-2 |
| Unapproved | High CVE-2020-29361 | libp11-kit0 | 0.23.3-2 | An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc. |
| Unapproved | Medium CVE-2020-29362 | libp11-kit0 | 0.23.3-2 | An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation. |
| Unapproved | Medium CVE-2020-14155 | libpcre3 | 2:8.39-3 | libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. |
| Unapproved | Critical CVE-2017-12652 | libpng16-16 | 1.6.28-1 | libpng before 1.6.32 does not properly check the length of chunks against the user limit. |
| Unapproved | Medium CVE-2019-7317 | libpng16-16 | 1.6.28-1 | png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. |
| Unapproved | Low CVE-2021-36084 | libsepol1 | 2.6-2 | The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). |
| Unapproved | Low CVE-2021-36085 | libsepol1 | 2.6-2 | The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). |
| Unapproved | Low CVE-2021-36086 | libsepol1 | 2.6-2 | The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). |
| Unapproved | Low CVE-2021-36087 | libsepol1 | 2.6-2 | The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block. |
| Unapproved | High CVE-2016-2779 | libsmartcols1 | 2.29.2-1+deb9u1 | runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. |
| Unapproved | Low CVE-2021-37600 | libsmartcols1 | 2.29.2-1+deb9u1 | An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments. |
| Unapproved | Critical CVE-2019-8457 | libsqlite3-0 | 3.16.2-5+deb9u1 | SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables. |
| Unapproved | High CVE-2018-20346 | libsqlite3-0 | 3.16.2-5+deb9u1 | SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan. |
| Unapproved | High CVE-2018-20506 | libsqlite3-0 | 3.16.2-5+deb9u1 | SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346. |
| Unapproved | High CVE-2018-8740 | libsqlite3-0 | 3.16.2-5+deb9u1 | In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. |
| Unapproved | High CVE-2019-20218 | libsqlite3-0 | 3.16.2-5+deb9u1 | selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. |
| Unapproved | High CVE-2019-5827 | libsqlite3-0 | 3.16.2-5+deb9u1 | Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| Unapproved | High CVE-2019-9936 | libsqlite3-0 | 3.16.2-5+deb9u1 | In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c. |
| Unapproved | High CVE-2019-9937 | libsqlite3-0 | 3.16.2-5+deb9u1 | In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. |
| Unapproved | High CVE-2020-11655 | libsqlite3-0 | 3.16.2-5+deb9u1 | SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. |
| Unapproved | High CVE-2020-13630 | libsqlite3-0 | 3.16.2-5+deb9u1 | ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. |
| Unapproved | High CVE-2020-13871 | libsqlite3-0 | 3.16.2-5+deb9u1 | SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. |
| Unapproved | Medium CVE-2019-16168 | libsqlite3-0 | 3.16.2-5+deb9u1 | In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." |
| Unapproved | Medium CVE-2019-19645 | libsqlite3-0 | 3.16.2-5+deb9u1 | alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. |
| Unapproved | Medium CVE-2020-13434 | libsqlite3-0 | 3.16.2-5+deb9u1 | SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. |
| Unapproved | Medium CVE-2020-13631 | libsqlite3-0 | 3.16.2-5+deb9u1 | SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. |
| Unapproved | Medium CVE-2020-13632 | libsqlite3-0 | 3.16.2-5+deb9u1 | ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. |
| Unapproved | High CVE-2022-1304 | libss2 | 1.43.4-2 | An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. |
| Unapproved | Medium CVE-2019-5094 | libss2 | 1.43.4-2 | An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. |
| Unapproved | Medium CVE-2019-5188 | libss2 | 1.43.4-2 | A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. |
| Unapproved | Critical CVE-2022-1292 | libssl1.1 | 1.1.0f-3+deb9u2 | The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). |
| Unapproved | High CVE-2018-0732 | libssl1.1 | 1.1.0f-3+deb9u2 | During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o). |
| Unapproved | High CVE-2019-1543 | libssl1.1 | 1.1.0f-3+deb9u2 | ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1c (Affected 1.1.1-1.1.1b). Fixed in OpenSSL 1.1.0k (Affected 1.1.0-1.1.0j). |
| Unapproved | High CVE-2021-23840 | libssl1.1 | 1.1.0f-3+deb9u2 | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). |
| Unapproved | High CVE-2021-3712 | libssl1.1 | 1.1.0f-3+deb9u2 | ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y). |
| Unapproved | High CVE-2022-0778 | libssl1.1 | 1.1.0f-3+deb9u2 | The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). |
| Unapproved | Medium CVE-2018-0734 | libssl1.1 | 1.1.0f-3+deb9u2 | The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). |
| Unapproved | Medium CVE-2018-0735 | libssl1.1 | 1.1.0f-3+deb9u2 | The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). |
| Unapproved | Medium CVE-2018-0737 | libssl1.1 | 1.1.0f-3+deb9u2 | The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o). |
| Unapproved | Medium CVE-2018-5407 | libssl1.1 | 1.1.0f-3+deb9u2 | Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. |
| Unapproved | Medium CVE-2019-1547 | libssl1.1 | 1.1.0f-3+deb9u2 | Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). |
| Unapproved | Medium CVE-2019-1551 | libssl1.1 | 1.1.0f-3+deb9u2 | There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t). |
| Unapproved | Medium CVE-2020-1971 | libssl1.1 | 1.1.0f-3+deb9u2 | The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). |
| Unapproved | Medium CVE-2021-23841 | libssl1.1 | 1.1.0f-3+deb9u2 | The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). |
| Unapproved | Medium CVE-2021-4160 | libssl1.1 | 1.1.0f-3+deb9u2 | There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2019-1563 | libssl1.1 | 1.1.0f-3+deb9u2 | In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2018-12886 | libstdc++6 | 6.3.0-18+deb9u1 | stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2018-15686 | libsystemd0 | 232-25+deb9u3 | A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2018-15688 | libsystemd0 | 232-25+deb9u3 | A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2018-16864 | libsystemd0 | 232-25+deb9u3 | An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2018-16865 | libsystemd0 | 232-25+deb9u3 | An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2019-3842 | libsystemd0 | 232-25+deb9u3 | In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any". |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2019-3843 | libsystemd0 | 232-25+deb9u3 | It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2019-3844 | libsystemd0 | 232-25+deb9u3 | It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2020-1712 | libsystemd0 | 232-25+deb9u3 | A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-1049 | libsystemd0 | 232-25+deb9u3 | In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-6454 | libsystemd0 | 232-25+deb9u3 | An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2021-33910 | libsystemd0 | 232-25+deb9u3 | basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2021-3997 | libsystemd0 | 232-25+deb9u3 | A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2018-16866 | libsystemd0 | 232-25+deb9u3 | An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2018-16888 | libsystemd0 | 232-25+deb9u3 | It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2018-6954 | libsystemd0 | 232-25+deb9u3 | systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2019-3815 | libsystemd0 | 232-25+deb9u3 | A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Unknown DSA-4367-2 | libsystemd0 | 232-25+deb9u3 | DSA-4367-2 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2022-29458 | libtinfo5 | 6.0+20161126-1+deb9u2 | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2018-19211 | libtinfo5 | 6.0+20161126-1+deb9u2 | In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2019-17594 | libtinfo5 | 6.0+20161126-1+deb9u2 | There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2019-17595 | libtinfo5 | 6.0+20161126-1+deb9u2 | There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2018-15686 | libudev1 | 232-25+deb9u3 | A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2018-15688 | libudev1 | 232-25+deb9u3 | A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2018-16864 | libudev1 | 232-25+deb9u3 | An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2018-16865 | libudev1 | 232-25+deb9u3 | An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2019-3842 | libudev1 | 232-25+deb9u3 | In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any". |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2019-3843 | libudev1 | 232-25+deb9u3 | It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2019-3844 | libudev1 | 232-25+deb9u3 | It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2020-1712 | libudev1 | 232-25+deb9u3 | A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-1049 | libudev1 | 232-25+deb9u3 | In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-6454 | libudev1 | 232-25+deb9u3 | An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2021-33910 | libudev1 | 232-25+deb9u3 | basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2021-3997 | libudev1 | 232-25+deb9u3 | A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2018-16866 | libudev1 | 232-25+deb9u3 | An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2018-16888 | libudev1 | 232-25+deb9u3 | It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2018-6954 | libudev1 | 232-25+deb9u3 | systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2019-3815 | libudev1 | 232-25+deb9u3 | A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Unknown DSA-4367-2 | libudev1 | 232-25+deb9u3 | DSA-4367-2 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2016-2779 | libuuid1 | 2.29.2-1+deb9u1 | runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2021-37600 | libuuid1 | 2.29.2-1+deb9u1 | An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2021-31535 | libx11-6 | 2:1.6.4-3 | LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2020-14363 | libx11-6 | 2:1.6.4-3 | An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2020-14344 | libx11-6 | 2:1.6.4-3 | An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2018-14598 | libx11-6 | 2:1.6.4-3 | An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2018-14599 | libx11-6 | 2:1.6.4-3 | An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2018-14600 | libx11-6 | 2:1.6.4-3 | An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2021-31535 | libx11-data | 2:1.6.4-3 | LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2020-14363 | libx11-data | 2:1.6.4-3 | An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2020-14344 | libx11-data | 2:1.6.4-3 | An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2018-14598 | libx11-data | 2:1.6.4-3 | An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2018-14599 | libx11-data | 2:1.6.4-3 | An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2018-14600 | libx11-data | 2:1.6.4-3 | An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2017-12424 | login | 1:4.4-4.1 | In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts. |
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2017-20002 | login | 1:4.4-4.1 | The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists | | | | | | pts/0 and pts/1 as physical terminals in /etc/securetty. This allows l | | | | | | ocal users to login as password-less users even if they are connected | | | | | | by non-physical means such as SSH (hence bypassing PAM's nullok_secure | | | | | | configuration). This notably affects environments such as virtual mac | | | | | | hines automatically generated with a default blank root password, allo | | | | | | wing all local users to escalate privileges. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2018-7169 | login | 1:4.4-4.1 | An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is | | | | | | setuid and allows an unprivileged user to be placed in a user namespac | | | | | | e where setgroups(2) is permitted. This allows an attacker to remove t | | | | | | hemselves from a supplementary group, which may allow access to certai | | | | | | n filesystem paths if the administrator has used "group blacklisting" | | | | | | (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively | | | | | | reverts a security feature in the kernel (in particular, the /proc/se | | | | | | lf/setgroups knob) to prevent this sort of privilege escalation. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2016-2779 | mount | 2.29.2-1+deb9u1 | runuser in util-linux allows local users to escape to the parent sessi | | | | | | on via a crafted TIOCSTI ioctl call, which pushes characters to the te | | | | | | rminal's input buffer. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2021-37600 | mount | 2.29.2-1+deb9u1 | An integer overflow in util-linux through 2.37.1 can potentially cause | | | | | | a buffer overflow if an attacker were able to use system resources in | | | | | | a way that leads to a large number in the /proc/sysvipc/sem file. NOT | | | | | | E: this is unexploitable in GNU C Library environments, and possibly i | | | | | | n all realistic environments. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Critical CVE-2017-18269 | multiarch-support | 2.24-11+deb9u3 | An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686 | | | | | | /multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or | | | | | | libc6) 2.21 through 2.27 does not correctly perform the overlapping me | | | | | | mory check if the source memory range spans the middle of the address | | | | | | space, resulting in corrupt data being produced by the copy operation. | | | | | | This may disclose information to context-dependent attackers, or resu | | | | | | lt in a denial of service, or, possibly, code execution. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2017-1000408 | multiarch-support | 2.24-11+deb9u3 | A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached | | | | | | and amplified through the LD_HWCAP_MASK environment variable. Please | | | | | | note that many versions of glibc are not vulnerable to this issue if p | | | | | | atched for CVE-2017-1000366. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2017-1000409 | multiarch-support | 2.24-11+deb9u3 | A buffer overflow in glibc 2.5 (released on September 29, 2006) and ca | | | | | | n be triggered through the LD_LIBRARY_PATH environment variable. Pleas | | | | | | e note that many versions of glibc are not vulnerable to this issue if | | | | | | patched for CVE-2017-1000366. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2017-16997 | multiarch-support | 2.24-11+deb9u3 | elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2 | | | | | | .26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged ( | | | | | | setuid or AT_SECURE) program, which allows local users to gain privile | | | | | | ges via a Trojan horse library in the current working directory, relat | | | | | | ed to the fillin_rpath and decompose_rpath functions. This is associat | | | | | | ed with misinterpretion of an empty RPATH/RUNPATH token as the "./" di | | | | | | rectory. 
NOTE: this configuration of RPATH/RUNPATH for a privileged pr | | | | | | ogram is apparently very uncommon; most likely, no such program is shi | | | | | | pped with any common Linux distribution. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2017-15670 | multiarch-support | 2.24-11+deb9u3 | The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by- | | | | | | one error leading to a heap-based buffer overflow in the glob function | | | | | | in glob.c, related to the processing of home directories using the ~ | | | | | | operator followed by a long string. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2017-15671 | multiarch-support | 2.24-11+deb9u3 | The glob function in glob.c in the GNU C Library (aka glibc or libc6) | | | | | | before 2.27, when invoked with GLOB_TILDE, could skip freeing allocate | | | | | | d memory when processing the ~ operator with a long user name, potenti | | | | | | ally leading to a denial of service (memory leak). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2017-15804 | multiarch-support | 2.24-11+deb9u3 | The glob function in glob.c in the GNU C Library (aka glibc or libc6) | | | | | | before 2.27 contains a buffer overflow during unescaping of user names | | | | | | with the ~ operator. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2018-11236 | multiarch-support | 2.24-11+deb9u3 | stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 a | | | | | | nd earlier, when processing very long pathname arguments to the realpa | | | | | | th function, could encounter an integer overflow on 32-bit architectur | | | | | | es, leading to a stack-based buffer overflow and, potentially, arbitra | | | | | | ry code execution. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2018-11237 | multiarch-support | 2.24-11+deb9u3 | An AVX-512-optimized implementation of the mempcpy function in the GNU | | | | | | C Library (aka glibc or libc6) 2.27 and earlier may write data beyond | | | | | | the target buffer, leading to a buffer overflow in __mempcpy_avx512_n | | | | | | o_vzeroupper. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2022-29458 | ncurses-base | 6.0+20161126-1+deb9u2 | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmen | | | | | | tation violation in convert_strings in tinfo/read_entry.c in the termi | | | | | | nfo library. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2018-19211 | ncurses-base | 6.0+20161126-1+deb9u2 | In ncurses 6.1, there is a NULL pointer dereference at function _nc_pa | | | | | | rse_entry in parse_entry.c that will lead to a denial of service attac | | | | | | k. 
The product proceeds to the dereference code path even after a "dub | | | | | | ious character `*' in name or alias field" detection. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2019-17594 | ncurses-base | 6.0+20161126-1+deb9u2 | There is a heap-based buffer over-read in the _nc_find_entry function | | | | | | in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-201 | | | | | | 91012. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2019-17595 | ncurses-base | 6.0+20161126-1+deb9u2 | There is a heap-based buffer over-read in the fmt_entry function in ti | | | | | | nfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012 | | | | | | . | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2022-29458 | ncurses-bin | 6.0+20161126-1+deb9u2 | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmen | | | | | | tation violation in convert_strings in tinfo/read_entry.c in the termi | | | | | | nfo library. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2018-19211 | ncurses-bin | 6.0+20161126-1+deb9u2 | In ncurses 6.1, there is a NULL pointer dereference at function _nc_pa | | | | | | rse_entry in parse_entry.c that will lead to a denial of service attac | | | | | | k. The product proceeds to the dereference code path even after a "dub | | | | | | ious character `*' in name or alias field" detection. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2019-17594 | ncurses-bin | 6.0+20161126-1+deb9u2 | There is a heap-based buffer over-read in the _nc_find_entry function | | | | | | in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-201 | | | | | | 91012. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2019-17595 | ncurses-bin | 6.0+20161126-1+deb9u2 | There is a heap-based buffer over-read in the fmt_entry function in ti | | | | | | nfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012 | | | | | | . | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Critical CVE-2018-3183 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of O | | | | | | racle Java SE (subcomponent: Scripting). Supported versions that are a | | | | | | ffected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R | | | | | | 28.3.19. Difficult to exploit vulnerability allows unauthenticated att | | | | | | acker with network access via multiple protocols to compromise Java SE | | | | | | , Java SE Embedded, JRockit. While the vulnerability is in Java SE, Ja | | | | | | va SE Embedded, JRockit, attacks may significantly impact additional p | | | | | | roducts. Successful attacks of this vulnerability can result in takeov | | | | | | er of Java SE, Java SE Embedded, JRockit. 
Note: This vulnerability app | | | | | | lies to Java deployments, typically in clients running sandboxed Java | | | | | | Web Start applications or sandboxed Java applets (in Java SE 8), that | | | | | | load and run untrusted code (e.g. code that comes from the internet) a | | | | | | nd rely on the Java sandbox for security. This vulnerability can also | | | | | | be exploited by using APIs in the specified Component, e.g. through a | | | | | | web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 ( | | | | | | Confidentiality, Integrity and Availability impacts). CVSS Vector: (CV | | | | | | SS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2018-3149 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of O | | | | | | racle Java SE (subcomponent: JNDI). Supported versions that are affect | | | | | | ed are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; J | | | | | | Rockit: R28.3.19. Difficult to exploit vulnerability allows unauthenti | | | | | | cated attacker with network access via multiple protocols to compromis | | | | | | e Java SE, Java SE Embedded, JRockit. Successful attacks require human | | | | | | interaction from a person other than the attacker and while the vulne | | | | | | rability is in Java SE, Java SE Embedded, JRockit, attacks may signifi | | | | | | cantly impact additional products. Successful attacks of this vulnerab | | | | | | ility can result in takeover of Java SE, Java SE Embedded, JRockit. No | | | | | | te: This vulnerability applies to Java deployments, typically in clien | | | | | | ts running sandboxed Java Web Start applications or sandboxed Java app | | | | | | lets (in Java SE 8), that load and run untrusted code (e.g. 
code that | | | | | | comes from the internet) and rely on the Java sandbox for security. Th | | | | | | is vulnerability can also be exploited by using APIs in the specified | | | | | | Component, e.g. through a web service which supplies data to the APIs. | | | | | | CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability | | | | | | impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2018-3169 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav | | | | | | a SE (subcomponent: Hotspot). Supported versions that are affected are | | | | | | Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to e | | | | | | xploit vulnerability allows unauthenticated attacker with network acce | | | | | | ss via multiple protocols to compromise Java SE, Java SE Embedded. Suc | | | | | | cessful attacks require human interaction from a person other than the | | | | | | attacker and while the vulnerability is in Java SE, Java SE Embedded, | | | | | | attacks may significantly impact additional products. Successful atta | | | | | | cks of this vulnerability can result in takeover of Java SE, Java SE E | | | | | | mbedded. Note: This vulnerability applies to Java deployments, typical | | | | | | ly in clients running sandboxed Java Web Start applications or sandbox | | | | | | ed Java applets (in Java SE 8), that load and run untrusted code (e.g. | | | | | | code that comes from the internet) and rely on the Java sandbox for s | | | | | | ecurity. This vulnerability does not apply to Java deployments, typica | | | | | | lly in servers, that load and run only trusted code (e.g. code install | | | | | | ed by an administrator). 
CVSS 3.0 Base Score 8.3 (Confidentiality, Int | | | | | | egrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR: | | | | | | N/UI:R/S:C/C:H/I:H/A:H). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2019-2602 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav | | | | | | a SE (subcomponent: Libraries). Supported versions that are affected a | | | | | | re Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easi | | | | | | ly exploitable vulnerability allows unauthenticated attacker with netw | | | | | | ork access via multiple protocols to compromise Java SE, Java SE Embed | | | | | | ded. Successful attacks of this vulnerability can result in unauthoriz | | | | | | ed ability to cause a hang or frequently repeatable crash (complete DO | | | | | | S) of Java SE, Java SE Embedded. Note: This vulnerability can only be | | | | | | exploited by supplying data to APIs in the specified Component without | | | | | | using Untrusted Java Web Start applications or Untrusted Java applets | | | | | | , such as through a web service. CVSS 3.0 Base Score 7.5 (Availability | | | | | | impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) | | | | | | . | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2019-2698 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent | | | | | | : 2D). Supported versions that are affected are Java SE: 7u211 and 8u2 | | | | | | 02. Difficult to exploit vulnerability allows unauthenticated attacker | | | | | | with network access via multiple protocols to compromise Java SE. 
Suc | | | | | | cessful attacks of this vulnerability can result in takeover of Java S | | | | | | E. Note: This vulnerability applies to Java deployments, typically in | | | | | | clients running sandboxed Java Web Start applications or sandboxed Jav | | | | | | a applets (in Java SE 8), that load and run untrusted code (e.g., code | | | | | | that comes from the internet) and rely on the Java sandbox for securi | | | | | | ty. This vulnerability does not apply to Java deployments, typically i | | | | | | n servers, that load and run only trusted code (e.g., code installed b | | | | | | y an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integri | | | | | | ty and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI | | | | | | :N/S:U/C:H/I:H/A:H). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2020-14583 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java | | | | | | SE (component: Libraries). Supported versions that are affected are Ja | | | | | | va SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Diffi | | | | | | cult to exploit vulnerability allows unauthenticated attacker with net | | | | | | work access via multiple protocols to compromise Java SE, Java SE Embe | | | | | | dded. Successful attacks require human interaction from a person other | | | | | | than the attacker and while the vulnerability is in Java SE, Java SE | | | | | | Embedded, attacks may significantly impact additional products. Succes | | | | | | sful attacks of this vulnerability can result in takeover of Java SE, | | | | | | Java SE Embedded. 
Note: This vulnerability applies to Java deployments | | | | | | , typically in clients running sandboxed Java Web Start applications o | | | | | | r sandboxed Java applets, that load and run untrusted code (e.g., code | | | | | | that comes from the internet) and rely on the Java sandbox for securi | | | | | | ty. This vulnerability does not apply to Java deployments, typically i | | | | | | n servers, that load and run only trusted code (e.g., code installed b | | | | | | y an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integri | | | | | | ty and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI | | | | | | :R/S:C/C:H/I:H/A:H). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2020-14593 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java | | | | | | SE (component: 2D). Supported versions that are affected are Java SE: | | | | | | 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily explo | | | | | | itable vulnerability allows unauthenticated attacker with network acce | | | | | | ss via multiple protocols to compromise Java SE, Java SE Embedded. Suc | | | | | | cessful attacks require human interaction from a person other than the | | | | | | attacker and while the vulnerability is in Java SE, Java SE Embedded, | | | | | | attacks may significantly impact additional products. Successful atta | | | | | | cks of this vulnerability can result in unauthorized creation, deletio | | | | | | n or modification access to critical data or all Java SE, Java SE Embe | | | | | | dded accessible data. 
Note: This vulnerability applies to Java deploym | | | | | | ents, typically in clients running sandboxed Java Web Start applicatio | | | | | | ns or sandboxed Java applets, that load and run untrusted code (e.g., | | | | | | code that comes from the internet) and rely on the Java sandbox for se | | | | | | curity. This vulnerability does not apply to Java deployments, typical | | | | | | ly in servers, that load and run only trusted code (e.g., code install | | | | | | ed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). | | | | | | CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2020-2604 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java | | | | | | SE (component: Serialization). Supported versions that are affected ar | | | | | | e Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. D | | | | | | ifficult to exploit vulnerability allows unauthenticated attacker with | | | | | | network access via multiple protocols to compromise Java SE, Java SE | | | | | | Embedded. Successful attacks of this vulnerability can result in takeo | | | | | | ver of Java SE, Java SE Embedded. Note: This vulnerability applies to | | | | | | Java deployments, typically in clients running sandboxed Java Web Star | | | | | | t applications or sandboxed Java applets (in Java SE 8), that load and | | | | | | run untrusted code (e.g., code that comes from the internet) and rely | | | | | | on the Java sandbox for security. This vulnerability can also be expl | | | | | | oited by using APIs in the specified Component, e.g., through a web se | | | | | | rvice which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confi | | | | | | dentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3. | | | | | | 0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2020-2803 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java | | | | | | SE (component: Libraries). Supported versions that are affected are Ja | | | | | | va SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult | | | | | | to exploit vulnerability allows unauthenticated attacker with network | | | | | | access via multiple protocols to compromise Java SE, Java SE Embedded | | | | | | . Successful attacks require human interaction from a person other tha | | | | | | n the attacker and while the vulnerability is in Java SE, Java SE Embe | | | | | | dded, attacks may significantly impact additional products. Successful | | | | | | attacks of this vulnerability can result in takeover of Java SE, Java | | | | | | SE Embedded. Note: This vulnerability applies to Java deployments, ty | | | | | | pically in clients running sandboxed Java Web Start applications or sa | | | | | | ndboxed Java applets, that load and run untrusted code (e.g., code tha | | | | | | t comes from the internet) and rely on the Java sandbox for security. | | | | | | This vulnerability does not apply to Java deployments, typically in se | | | | | | rvers, that load and run only trusted code (e.g., code installed by an | | | | | | administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity a | | | | | | nd Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S | | | | | | :C/C:H/I:H/A:H). 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2020-2805 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java | | | | | | SE (component: Libraries). Supported versions that are affected are Ja | | | | | | va SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult | | | | | | to exploit vulnerability allows unauthenticated attacker with network | | | | | | access via multiple protocols to compromise Java SE, Java SE Embedded | | | | | | . Successful attacks require human interaction from a person other tha | | | | | | n the attacker and while the vulnerability is in Java SE, Java SE Embe | | | | | | dded, attacks may significantly impact additional products. Successful | | | | | | attacks of this vulnerability can result in takeover of Java SE, Java | | | | | | SE Embedded. Note: This vulnerability applies to Java deployments, ty | | | | | | pically in clients running sandboxed Java Web Start applications or sa | | | | | | ndboxed Java applets, that load and run untrusted code (e.g., code tha | | | | | | t comes from the internet) and rely on the Java sandbox for security. | | | | | | This vulnerability does not apply to Java deployments, typically in se | | | | | | rvers, that load and run only trusted code (e.g., code installed by an | | | | | | administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity a | | | | | | nd Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S | | | | | | :C/C:H/I:H/A:H). 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2018-3180 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of O | | | | | | racle Java SE (subcomponent: JSSE). Supported versions that are affect | | | | | | ed are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; J | | | | | | Rockit: R28.3.19. Difficult to exploit vulnerability allows unauthenti | | | | | | cated attacker with network access via SSL/TLS to compromise Java SE, | | | | | | Java SE Embedded, JRockit. Successful attacks of this vulnerability ca | | | | | | n result in unauthorized update, insert or delete access to some of Ja | | | | | | va SE, Java SE Embedded, JRockit accessible data as well as unauthoriz | | | | | | ed read access to a subset of Java SE, Java SE Embedded, JRockit acces | | | | | | sible data and unauthorized ability to cause a partial denial of servi | | | | | | ce (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vul | | | | | | nerability applies to Java deployments, typically in clients running s | | | | | | andboxed Java Web Start applications or sandboxed Java applets (in Jav | | | | | | a SE 8), that load and run untrusted code (e.g. code that comes from t | | | | | | he internet) and rely on the Java sandbox for security. This vulnerabi | | | | | | lity can also be exploited by using APIs in the specified Component, e | | | | | | .g. through a web service which supplies data to the APIs. CVSS 3.0 Ba | | | | | | se Score 5.6 (Confidentiality, Integrity and Availability impacts). CV | | | | | | SS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2018-3214 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2684 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2745 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2762 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2769 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2816 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2949 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2975 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2989 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2019-2999 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2020-14556 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2020-14621 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2020-14779 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2020-14781 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2020-14782 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2020-14792 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2020-14797 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2020-14803 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2020-2593 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2020-2601 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2020-2781 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2020-2800 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2020-2830 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2021-2341 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2021-2369 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2021-2388 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc | | | | | | t of Oracle Java SE (component: Hotspot). Supported versions that are | | | | | | affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterpris | | | | | | e Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allow | | | | | | s unauthenticated attacker with network access via multiple protocols | | | | | | to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful a | | | | | | ttacks require human interaction from a person other than the attacker | | | | | | . Successful attacks of this vulnerability can result in takeover of J | | | | | | ava SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability ap | | | | | | plies to Java deployments, typically in clients running sandboxed Java | | | | | | Web Start applications or sandboxed Java applets, that load and run u | | | | | | ntrusted code (e.g., code that comes from the internet) and rely on th | | | | | | e Java sandbox for security. This vulnerability does not apply to Java | | | | | | deployments, typically in servers, that load and run only trusted cod | | | | | | e (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 | | | | | | (Confidentiality, Integrity and Availability impacts). CVSS Vector: (C | | | | | | VSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2021-35550 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc | | | | | | t of Oracle Java SE (component: JSSE). Supported versions that are aff | | | | | | ected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Ed | | | | | | ition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows un | | | | | | authenticated attacker with network access via TLS to compromise Java | | | | | | SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vuln | | | | | | erability can result in unauthorized access to critical data or comple | | | | | | te access to all Java SE, Oracle GraalVM Enterprise Edition accessible | | | | | | data. Note: This vulnerability applies to Java deployments, typically | | | | | | in clients running sandboxed Java Web Start applications or sandboxed | | | | | | Java applets, that load and run untrusted code (e.g., code that comes | | | | | | from the internet) and rely on the Java sandbox for security. This vu | | | | | | lnerability can also be exploited by using APIs in the specified Compo | | | | | | nent, e.g., through a web service which supplies data to the APIs. CVS | | | | | | S 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1 | | | | | | /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2021-35556 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc | | | | | | t of Oracle Java SE (component: Swing). 
Supported versions that are af | | | | | | fected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterpri | | | | | | se Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows | | | | | | unauthenticated attacker with network access via multiple protocols t | | | | | | o compromise Java SE, Oracle GraalVM Enterprise Edition. Successful at | | | | | | tacks of this vulnerability can result in unauthorized ability to caus | | | | | | e a partial denial of service (partial DOS) of Java SE, Oracle GraalVM | | | | | | Enterprise Edition. Note: This vulnerability applies to Java deployme | | | | | | nts, typically in clients running sandboxed Java Web Start application | | | | | | s or sandboxed Java applets, that load and run untrusted code (e.g., c | | | | | | ode that comes from the internet) and rely on the Java sandbox for sec | | | | | | urity. This vulnerability does not apply to Java deployments, typicall | | | | | | y in servers, that load and run only trusted code (e.g., code installe | | | | | | d by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts) | | | | | | . CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2021-35559 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc | | | | | | t of Oracle Java SE (component: Swing). Supported versions that are af | | | | | | fected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterpri | | | | | | se Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows | | | | | | unauthenticated attacker with network access via multiple protocols t | | | | | | o compromise Java SE, Oracle GraalVM Enterprise Edition. 
Successful at | | | | | | tacks of this vulnerability can result in unauthorized ability to caus | | | | | | e a partial denial of service (partial DOS) of Java SE, Oracle GraalVM | | | | | | Enterprise Edition. Note: This vulnerability applies to Java deployme | | | | | | nts, typically in clients running sandboxed Java Web Start application | | | | | | s or sandboxed Java applets, that load and run untrusted code (e.g., c | | | | | | ode that comes from the internet) and rely on the Java sandbox for sec | | | | | | urity. This vulnerability can also be exploited by using APIs in the s | | | | | | pecified Component, e.g., through a web service which supplies data to | | | | | | the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector | | | | | | : (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2021-35561 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc | | | | | | t of Oracle Java SE (component: Utility). Supported versions that are | | | | | | affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterp | | | | | | rise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allo | | | | | | ws unauthenticated attacker with network access via multiple protocols | | | | | | to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful | | | | | | attacks of this vulnerability can result in unauthorized ability to ca | | | | | | use a partial denial of service (partial DOS) of Java SE, Oracle Graal | | | | | | VM Enterprise Edition. 
Note: This vulnerability applies to Java deploy | | | | | | ments, typically in clients running sandboxed Java Web Start applicati | | | | | | ons or sandboxed Java applets, that load and run untrusted code (e.g., | | | | | | code that comes from the internet) and rely on the Java sandbox for s | | | | | | ecurity. This vulnerability can also be exploited by using APIs in the | | | | | | specified Component, e.g., through a web service which supplies data | | | | | | to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vect | | | | | | or: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2021-35564 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc | | | | | | t of Oracle Java SE (component: Keytool). Supported versions that are | | | | | | affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterp | | | | | | rise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allo | | | | | | ws unauthenticated attacker with network access via multiple protocols | | | | | | to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful | | | | | | attacks of this vulnerability can result in unauthorized update, inser | | | | | | t or delete access to some of Java SE, Oracle GraalVM Enterprise Editi | | | | | | on accessible data. Note: This vulnerability applies to Java deploymen | | | | | | ts, typically in clients running sandboxed Java Web Start applications | | | | | | or sandboxed Java applets, that load and run untrusted code (e.g., co | | | | | | de that comes from the internet) and rely on the Java sandbox for secu | | | | | | rity. 
This vulnerability can also be exploited by using APIs in the sp | | | | | | ecified Component, e.g., through a web service which supplies data to | | | | | | the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (C | | | | | | VSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2021-35565 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc | | | | | | t of Oracle Java SE (component: JSSE). Supported versions that are aff | | | | | | ected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Ed | | | | | | ition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unau | | | | | | thenticated attacker with network access via TLS to compromise Java SE | | | | | | , Oracle GraalVM Enterprise Edition. Successful attacks of this vulner | | | | | | ability can result in unauthorized ability to cause a partial denial o | | | | | | f service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. | | | | | | Note: This vulnerability can only be exploited by supplying data to A | | | | | | PIs in the specified Component without using Untrusted Java Web Start | | | | | | applications or Untrusted Java applets, such as through a web service. | | | | | | CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3. | | | | | | 1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2021-35567 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc | | | | | | t of Oracle Java SE (component: Libraries). 
Supported versions that ar | | | | | | e affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise | | | | | | Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows lo | | | | | | w privileged attacker with network access via Kerberos to compromise J | | | | | | ava SE, Oracle GraalVM Enterprise Edition. Successful attacks require | | | | | | human interaction from a person other than the attacker and while the | | | | | | vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attack | | | | | | s may significantly impact additional products. Successful attacks of | | | | | | this vulnerability can result in unauthorized access to critical data | | | | | | or complete access to all Java SE, Oracle GraalVM Enterprise Edition a | | | | | | ccessible data. Note: This vulnerability applies to Java deployments, | | | | | | typically in clients running sandboxed Java Web Start applications or | | | | | | sandboxed Java applets, that load and run untrusted code (e.g., code t | | | | | | hat comes from the internet) and rely on the Java sandbox for security | | | | | | . This vulnerability can also be exploited by using APIs in the specif | | | | | | ied Component, e.g., through a web service which supplies data to the | | | | | | APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: | | | | | | (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2021-35578 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc | | | | | | t of Oracle Java SE (component: JSSE). Supported versions that are aff | | | | | | ected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Editi | | | | | | on: 20.3.3 and 21.2.0. 
Easily exploitable vulnerability allows unauthe | | | | | | nticated attacker with network access via TLS to compromise Java SE, O | | | | | | racle GraalVM Enterprise Edition. Successful attacks of this vulnerabi | | | | | | lity can result in unauthorized ability to cause a partial denial of s | | | | | | ervice (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. No | | | | | | te: This vulnerability can only be exploited by supplying data to APIs | | | | | | in the specified Component without using Untrusted Java Web Start app | | | | | | lications or Untrusted Java applets, such as through a web service. CV | | | | | | SS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/A | | | | | | V:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2021-35586 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc | | | | | | t of Oracle Java SE (component: ImageIO). Supported versions that are | | | | | | affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterp | | | | | | rise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allo | | | | | | ws unauthenticated attacker with network access via multiple protocols | | | | | | to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful | | | | | | attacks of this vulnerability can result in unauthorized ability to ca | | | | | | use a partial denial of service (partial DOS) of Java SE, Oracle Graal | | | | | | VM Enterprise Edition. 
Note: This vulnerability applies to Java deploy | | | | | | ments, typically in clients running sandboxed Java Web Start applicati | | | | | | ons or sandboxed Java applets, that load and run untrusted code (e.g., | | | | | | code that comes from the internet) and rely on the Java sandbox for s | | | | | | ecurity. This vulnerability can also be exploited by using APIs in the | | | | | | specified Component, e.g., through a web service which supplies data | | | | | | to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vect | | | | | | or: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2022-21248 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition | | | | | | product of Oracle Java SE (component: Serialization). Supported versi | | | | | | ons that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0. | | | | | | 1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to | | | | | | exploit vulnerability allows unauthenticated attacker with network acc | | | | | | ess via multiple protocols to compromise Oracle Java SE, Oracle GraalV | | | | | | M Enterprise Edition. Successful attacks of this vulnerability can res | | | | | | ult in unauthorized update, insert or delete access to some of Oracle | | | | | | Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This | | | | | | vulnerability applies to Java deployments, typically in clients runni | | | | | | ng sandboxed Java Web Start applications or sandboxed Java applets, th | | | | | | at load and run untrusted code (e.g., code that comes from the interne | | | | | | t) and rely on the Java sandbox for security. 
This vulnerability can a | | | | | | lso be exploited by using APIs in the specified Component, e.g., throu | | | | | | gh a web service which supplies data to the APIs. CVSS 3.1 Base Score | | | | | | 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S: | | | | | | U/C:N/I:L/A:N). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2022-21282 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition | | | | | | product of Oracle Java SE (component: JAXP). Supported versions that | | | | | | are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle | | | | | | GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vul | | | | | | nerability allows unauthenticated attacker with network access via mul | | | | | | tiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterpris | | | | | | e Edition. Successful attacks of this vulnerability can result in unau | | | | | | thorized read access to a subset of Oracle Java SE, Oracle GraalVM Ent | | | | | | erprise Edition accessible data. Note: This vulnerability applies to J | | | | | | ava deployments, typically in clients running sandboxed Java Web Start | | | | | | applications or sandboxed Java applets, that load and run untrusted c | | | | | | ode (e.g., code that comes from the internet) and rely on the Java san | | | | | | dbox for security. This vulnerability can also be exploited by using A | | | | | | PIs in the specified Component, e.g., through a web service which supp | | | | | | lies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impact | | | | | | s). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2022-21283 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition | | | | | | product of Oracle Java SE (component: Libraries). Supported versions | | | | | | that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM | | | | | | Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerabilit | | | | | | y allows unauthenticated attacker with network access via multiple pro | | | | | | tocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition | | | | | | . Successful attacks of this vulnerability can result in unauthorized | | | | | | ability to cause a partial denial of service (partial DOS) of Oracle J | | | | | | ava SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability ap | | | | | | plies to Java deployments, typically in clients running sandboxed Java | | | | | | Web Start applications or sandboxed Java applets, that load and run u | | | | | | ntrusted code (e.g., code that comes from the internet) and rely on th | | | | | | e Java sandbox for security. This vulnerability can also be exploited | | | | | | by using APIs in the specified Component, e.g., through a web service | | | | | | which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability | | | | | | impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) | | | | | | . | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2022-21293 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition | | | | | | product of Oracle Java SE (component: Libraries). 
Supported versions | | | | | | that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; O | | | | | | racle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitabl | | | | | | e vulnerability allows unauthenticated attacker with network access vi | | | | | | a multiple protocols to compromise Oracle Java SE, Oracle GraalVM Ente | | | | | | rprise Edition. Successful attacks of this vulnerability can result in | | | | | | unauthorized ability to cause a partial denial of service (partial DO | | | | | | S) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vu | | | | | | lnerability applies to Java deployments, typically in clients running | | | | | | sandboxed Java Web Start applications or sandboxed Java applets, that | | | | | | load and run untrusted code (e.g., code that comes from the internet) | | | | | | and rely on the Java sandbox for security. This vulnerability can also | | | | | | be exploited by using APIs in the specified Component, e.g., through | | | | | | a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 | | | | | | (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S: | | | | | | U/C:N/I:N/A:L). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2022-21294 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition | | | | | | product of Oracle Java SE (component: Libraries). Supported versions | | | | | | that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; O | | | | | | racle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitabl | | | | | | e vulnerability allows unauthenticated attacker with network access vi | | | | | | a multiple protocols to compromise Oracle Java SE, Oracle GraalVM Ente | | | | | | rprise Edition. 
Successful attacks of this vulnerability can result in | | | | | | unauthorized ability to cause a partial denial of service (partial DO | | | | | | S) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vu | | | | | | lnerability applies to Java deployments, typically in clients running | | | | | | sandboxed Java Web Start applications or sandboxed Java applets, that | | | | | | load and run untrusted code (e.g., code that comes from the internet) | | | | | | and rely on the Java sandbox for security. This vulnerability can also | | | | | | be exploited by using APIs in the specified Component, e.g., through | | | | | | a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 | | | | | | (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S: | | | | | | U/C:N/I:N/A:L). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2022-21296 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition | | | | | | product of Oracle Java SE (component: JAXP). Supported versions that | | | | | | are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle | | | | | | GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vul | | | | | | nerability allows unauthenticated attacker with network access via mul | | | | | | tiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterpris | | | | | | e Edition. Successful attacks of this vulnerability can result in unau | | | | | | thorized read access to a subset of Oracle Java SE, Oracle GraalVM Ent | | | | | | erprise Edition accessible data. 
Note: This vulnerability applies to J | | | | | | ava deployments, typically in clients running sandboxed Java Web Start | | | | | | applications or sandboxed Java applets, that load and run untrusted c | | | | | | ode (e.g., code that comes from the internet) and rely on the Java san | | | | | | dbox for security. This vulnerability can also be exploited by using A | | | | | | PIs in the specified Component, e.g., through a web service which supp | | | | | | lies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impact | | | | | | s). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2022-21299 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition | | | | | | product of Oracle Java SE (component: JAXP). Supported versions that | | | | | | are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle | | | | | | GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vul | | | | | | nerability allows unauthenticated attacker with network access via mul | | | | | | tiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterpris | | | | | | e Edition. Successful attacks of this vulnerability can result in unau | | | | | | thorized ability to cause a partial denial of service (partial DOS) of | | | | | | Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnera | | | | | | bility applies to Java deployments, typically in clients running sandb | | | | | | oxed Java Web Start applications or sandboxed Java applets, that load | | | | | | and run untrusted code (e.g., code that comes from the internet) and r | | | | | | ely on the Java sandbox for security. 
This vulnerability can also be e | | | | | | xploited by using APIs in the specified Component, e.g., through a web | | | | | | service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Ava | | | | | | ilability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N | | | | | | /I:N/A:L). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2022-21305 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition | | | | | | product of Oracle Java SE (component: Hotspot). Supported versions th | | | | | | at are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Ora | | | | | | cle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable | | | | | | vulnerability allows unauthenticated attacker with network access via | | | | | | multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterp | | | | | | rise Edition. Successful attacks of this vulnerability can result in u | | | | | | nauthorized update, insert or delete access to some of Oracle Java SE, | | | | | | Oracle GraalVM Enterprise Edition accessible data. Note: This vulnera | | | | | | bility applies to Java deployments, typically in clients running sandb | | | | | | oxed Java Web Start applications or sandboxed Java applets, that load | | | | | | and run untrusted code (e.g., code that comes from the internet) and r | | | | | | ely on the Java sandbox for security. This vulnerability can also be e | | | | | | xploited by using APIs in the specified Component, e.g., through a web | | | | | | service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Int | | | | | | egrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I: | | | | | | L/A:N). 
|
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2022-21340 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2022-21341 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2022-21349 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2022-21360 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2022-21365 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2022-21426 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2022-21434 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2022-21443 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2022-21476 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Medium CVE-2022-21496 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2018-2952 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2018-3136 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2018-3139 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2019-2422 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2019-2786 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2019-2842 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2019-2894 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2019-2945 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2019-2962 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2019-2964 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2019-2973 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2019-2978 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2019-2981 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2019-2983 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2019-2987 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2019-2988 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
CVSS 3.0 Base Score 3.7 (Availability im | | | | | | pacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2019-2992 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java | | | | | | SE (component: 2D). Supported versions that are affected are Java SE: | | | | | | 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exp | | | | | | loit vulnerability allows unauthenticated attacker with network access | | | | | | via multiple protocols to compromise Java SE, Java SE Embedded. Succe | | | | | | ssful attacks of this vulnerability can result in unauthorized ability | | | | | | to cause a partial denial of service (partial DOS) of Java SE, Java S | | | | | | E Embedded. Note: This vulnerability applies to Java deployments, typi | | | | | | cally in clients running sandboxed Java Web Start applications or sand | | | | | | boxed Java applets (in Java SE 8), that load and run untrusted code (e | | | | | | .g., code that comes from the internet) and rely on the Java sandbox f | | | | | | or security. This vulnerability does not apply to Java deployments, ty | | | | | | pically in servers, that load and run only trusted code (e.g., code in | | | | | | stalled by an administrator). CVSS 3.0 Base Score 3.7 (Availability im | | | | | | pacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2020-14577 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java | | | | | | SE (component: JSSE). 
Supported versions that are affected are Java SE | | | | | | : 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult | | | | | | to exploit vulnerability allows unauthenticated attacker with network | | | | | | access via TLS to compromise Java SE, Java SE Embedded. Successful att | | | | | | acks of this vulnerability can result in unauthorized read access to a | | | | | | subset of Java SE, Java SE Embedded accessible data. Note: Applies to | | | | | | client and server deployment of Java. This vulnerability can be explo | | | | | | ited through sandboxed Java Web Start applications and sandboxed Java | | | | | | applets. It can also be exploited by supplying data to APIs in the spe | | | | | | cified Component without using sandboxed Java Web Start applications o | | | | | | r sandboxed Java applets, such as through a web service. CVSS 3.1 Base | | | | | | Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H | | | | | | /PR:N/UI:N/S:U/C:L/I:N/A:N). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2020-14578 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java | | | | | | SE (component: Libraries). Supported versions that are affected are Ja | | | | | | va SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit | | | | | | vulnerability allows unauthenticated attacker with network access via | | | | | | multiple protocols to compromise Java SE, Java SE Embedded. Successful | | | | | | attacks of this vulnerability can result in unauthorized ability to c | | | | | | ause a partial denial of service (partial DOS) of Java SE, Java SE Emb | | | | | | edded. Note: Applies to client and server deployment of Java. 
This vul | | | | | | nerability can be exploited through sandboxed Java Web Start applicati | | | | | | ons and sandboxed Java applets. It can also be exploited by supplying | | | | | | data to APIs in the specified Component without using sandboxed Java W | | | | | | eb Start applications or sandboxed Java applets, such as through a web | | | | | | service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: | | | | | | (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2020-14579 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java | | | | | | SE (component: Libraries). Supported versions that are affected are Ja | | | | | | va SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit | | | | | | vulnerability allows unauthenticated attacker with network access via | | | | | | multiple protocols to compromise Java SE, Java SE Embedded. Successful | | | | | | attacks of this vulnerability can result in unauthorized ability to c | | | | | | ause a partial denial of service (partial DOS) of Java SE, Java SE Emb | | | | | | edded. Note: Applies to client and server deployment of Java. This vul | | | | | | nerability can be exploited through sandboxed Java Web Start applicati | | | | | | ons and sandboxed Java applets. It can also be exploited by supplying | | | | | | data to APIs in the specified Component without using sandboxed Java W | | | | | | eb Start applications or sandboxed Java applets, such as through a web | | | | | | service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: | | | | | | (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2020-14581 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java | | | | | | SE (component: 2D). Supported versions that are affected are Java SE: | | | | | | 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploi | | | | | | t vulnerability allows unauthenticated attacker with network access vi | | | | | | a multiple protocols to compromise Java SE, Java SE Embedded. Successf | | | | | | ul attacks of this vulnerability can result in unauthorized read acces | | | | | | s to a subset of Java SE, Java SE Embedded accessible data. Note: Appl | | | | | | ies to client and server deployment of Java. This vulnerability can be | | | | | | exploited through sandboxed Java Web Start applications and sandboxed | | | | | | Java applets. It can also be exploited by supplying data to APIs in t | | | | | | he specified Component without using sandboxed Java Web Start applicat | | | | | | ions or sandboxed Java applets, such as through a web service. CVSS 3. | | | | | | 1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV: | | | | | | N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2020-14796 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java | | | | | | SE (component: Libraries). Supported versions that are affected are Ja | | | | | | va SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. 
Difficult | | | | | | to exploit vulnerability allows unauthenticated attacker with network | | | | | | access via multiple protocols to compromise Java SE, Java SE Embedded | | | | | | . Successful attacks require human interaction from a person other tha | | | | | | n the attacker. Successful attacks of this vulnerability can result in | | | | | | unauthorized read access to a subset of Java SE, Java SE Embedded acc | | | | | | essible data. Note: This vulnerability applies to Java deployments, ty | | | | | | pically in clients running sandboxed Java Web Start applications or sa | | | | | | ndboxed Java applets, that load and run untrusted code (e.g., code tha | | | | | | t comes from the internet) and rely on the Java sandbox for security. | | | | | | This vulnerability does not apply to Java deployments, typically in se | | | | | | rvers, that load and run only trusted code (e.g., code installed by an | | | | | | administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CV | | | | | | SS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2020-14798 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java | | | | | | SE (component: Libraries). Supported versions that are affected are Ja | | | | | | va SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult | | | | | | to exploit vulnerability allows unauthenticated attacker with network | | | | | | access via multiple protocols to compromise Java SE, Java SE Embedded | | | | | | . Successful attacks require human interaction from a person other tha | | | | | | n the attacker. 
Successful attacks of this vulnerability can result in | | | | | | unauthorized update, insert or delete access to some of Java SE, Java | | | | | | SE Embedded accessible data. Note: This vulnerability applies to Java | | | | | | deployments, typically in clients running sandboxed Java Web Start ap | | | | | | plications or sandboxed Java applets, that load and run untrusted code | | | | | | (e.g., code that comes from the internet) and rely on the Java sandbo | | | | | | x for security. This vulnerability does not apply to Java deployments, | | | | | | typically in servers, that load and run only trusted code (e.g., code | | | | | | installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity im | | | | | | pacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2020-2583 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java | | | | | | SE (component: Serialization). Supported versions that are affected ar | | | | | | e Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. D | | | | | | ifficult to exploit vulnerability allows unauthenticated attacker with | | | | | | network access via multiple protocols to compromise Java SE, Java SE | | | | | | Embedded. Successful attacks of this vulnerability can result in unaut | | | | | | horized ability to cause a partial denial of service (partial DOS) of | | | | | | Java SE, Java SE Embedded. Note: This vulnerability applies to Java de | | | | | | ployments, typically in clients running sandboxed Java Web Start appli | | | | | | cations or sandboxed Java applets (in Java SE 8), that load and run un | | | | | | trusted code (e.g., code that comes from the internet) and rely on the | | | | | | Java sandbox for security. 
This vulnerability can also be exploited b | | | | | | y using APIs in the specified Component, e.g., through a web service w | | | | | | hich supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability | | | | | | impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2020-2590 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java | | | | | | SE (component: Security). Supported versions that are affected are Jav | | | | | | a SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Diffic | | | | | | ult to exploit vulnerability allows unauthenticated attacker with netw | | | | | | ork access via Kerberos to compromise Java SE, Java SE Embedded. Succe | | | | | | ssful attacks of this vulnerability can result in unauthorized update, | | | | | | insert or delete access to some of Java SE, Java SE Embedded accessib | | | | | | le data. Note: This vulnerability applies to Java deployments, typical | | | | | | ly in clients running sandboxed Java Web Start applications or sandbox | | | | | | ed Java applets (in Java SE 8), that load and run untrusted code (e.g. | | | | | | , code that comes from the internet) and rely on the Java sandbox for | | | | | | security. This vulnerability can also be exploited by using APIs in th | | | | | | e specified Component, e.g., through a web service which supplies data | | | | | | to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector | | | | | | : (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2020-2654 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE product of Oracle Java SE (component: Lib | | | | | | raries). Supported versions that are affected are Java SE: 7u241, 8u23 | | | | | | 1, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauth | | | | | | enticated attacker with network access via multiple protocols to compr | | | | | | omise Java SE. Successful attacks of this vulnerability can result in | | | | | | unauthorized ability to cause a partial denial of service (partial DOS | | | | | | ) of Java SE. Note: This vulnerability can only be exploited by supply | | | | | | ing data to APIs in the specified Component without using Untrusted Ja | | | | | | va Web Start applications or Untrusted Java applets, such as through a | | | | | | web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vec | | | | | | tor: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2020-2659 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java | | | | | | SE (component: Networking). Supported versions that are affected are J | | | | | | ava SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit | | | | | | vulnerability allows unauthenticated attacker with network access via | | | | | | multiple protocols to compromise Java SE, Java SE Embedded. Successfu | | | | | | l attacks of this vulnerability can result in unauthorized ability to | | | | | | cause a partial denial of service (partial DOS) of Java SE, Java SE Em | | | | | | bedded. 
Note: This vulnerability applies to Java deployments, typicall | | | | | | y in clients running sandboxed Java Web Start applications or sandboxe | | | | | | d Java applets (in Java SE 8), that load and run untrusted code (e.g., | | | | | | code that comes from the internet) and rely on the Java sandbox for s | | | | | | ecurity. This vulnerability can also be exploited by using APIs in the | | | | | | specified Component, e.g., through a web service which supplies data | | | | | | to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vect | | | | | | or: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2020-2754 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java | | | | | | SE (component: Scripting). Supported versions that are affected are Ja | | | | | | va SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exp | | | | | | loit vulnerability allows unauthenticated attacker with network access | | | | | | via multiple protocols to compromise Java SE, Java SE Embedded. Succe | | | | | | ssful attacks of this vulnerability can result in unauthorized ability | | | | | | to cause a partial denial of service (partial DOS) of Java SE, Java S | | | | | | E Embedded. Note: Applies to client and server deployment of Java. Thi | | | | | | s vulnerability can be exploited through sandboxed Java Web Start appl | | | | | | ications and sandboxed Java applets. It can also be exploited by suppl | | | | | | ying data to APIs in the specified Component without using sandboxed J | | | | | | ava Web Start applications or sandboxed Java applets, such as through | | | | | | a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Ve | | | | | | ctor: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2020-2755 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java | | | | | | SE (component: Scripting). Supported versions that are affected are Ja | | | | | | va SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exp | | | | | | loit vulnerability allows unauthenticated attacker with network access | | | | | | via multiple protocols to compromise Java SE, Java SE Embedded. Succe | | | | | | ssful attacks of this vulnerability can result in unauthorized ability | | | | | | to cause a partial denial of service (partial DOS) of Java SE, Java S | | | | | | E Embedded. Note: Applies to client and server deployment of Java. Thi | | | | | | s vulnerability can be exploited through sandboxed Java Web Start appl | | | | | | ications and sandboxed Java applets. It can also be exploited by suppl | | | | | | ying data to APIs in the specified Component without using sandboxed J | | | | | | ava Web Start applications or sandboxed Java applets, such as through | | | | | | a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Ve | | | | | | ctor: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2020-2756 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java | | | | | | SE (component: Serialization). Supported versions that are affected ar | | | | | | e Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. 
Diffi | | | | | | cult to exploit vulnerability allows unauthenticated attacker with net | | | | | | work access via multiple protocols to compromise Java SE, Java SE Embe | | | | | | dded. Successful attacks of this vulnerability can result in unauthori | | | | | | zed ability to cause a partial denial of service (partial DOS) of Java | | | | | | SE, Java SE Embedded. Note: Applies to client and server deployment o | | | | | | f Java. This vulnerability can be exploited through sandboxed Java Web | | | | | | Start applications and sandboxed Java applets. It can also be exploit | | | | | | ed by supplying data to APIs in the specified Component without using | | | | | | sandboxed Java Web Start applications or sandboxed Java applets, such | | | | | | as through a web service. CVSS 3.0 Base Score 3.7 (Availability impact | | | | | | s). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2020-2757 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java | | | | | | SE (component: Serialization). Supported versions that are affected ar | | | | | | e Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Diffi | | | | | | cult to exploit vulnerability allows unauthenticated attacker with net | | | | | | work access via multiple protocols to compromise Java SE, Java SE Embe | | | | | | dded. Successful attacks of this vulnerability can result in unauthori | | | | | | zed ability to cause a partial denial of service (partial DOS) of Java | | | | | | SE, Java SE Embedded. Note: Applies to client and server deployment o | | | | | | f Java. This vulnerability can be exploited through sandboxed Java Web | | | | | | Start applications and sandboxed Java applets. 
It can also be exploit | | | | | | ed by supplying data to APIs in the specified Component without using | | | | | | sandboxed Java Web Start applications or sandboxed Java applets, such | | | | | | as through a web service. CVSS 3.0 Base Score 3.7 (Availability impact | | | | | | s). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2020-2773 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java | | | | | | SE (component: Security). Supported versions that are affected are Jav | | | | | | a SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult | | | | | | to exploit vulnerability allows unauthenticated attacker with network | | | | | | access via multiple protocols to compromise Java SE, Java SE Embedded. | | | | | | Successful attacks of this vulnerability can result in unauthorized a | | | | | | bility to cause a partial denial of service (partial DOS) of Java SE, | | | | | | Java SE Embedded. Note: Applies to client and server deployment of Jav | | | | | | a. This vulnerability can be exploited through sandboxed Java Web Star | | | | | | t applications and sandboxed Java applets. It can also be exploited by | | | | | | supplying data to APIs in the specified Component without using sandb | | | | | | oxed Java Web Start applications or sandboxed Java applets, such as th | | | | | | rough a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). C | | | | | | VSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2021-2163 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterpr | | | | | | ise Edition product of Oracle Java SE (component: Libraries). Supporte | | | | | | d versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; J | | | | | | ava SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20. | | | | | | 3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthen | | | | | | ticated attacker with network access via multiple protocols to comprom | | | | | | ise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Succ | | | | | | essful attacks require human interaction from a person other than the | | | | | | attacker. Successful attacks of this vulnerability can result in unaut | | | | | | horized creation, deletion or modification access to critical data or | | | | | | all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition acces | | | | | | sible data. Note: This vulnerability applies to Java deployments that | | | | | | load and run untrusted code (e.g., code that comes from the internet) | | | | | | and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (In | | | | | | tegrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I | | | | | | :H/A:N). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2021-35588 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc | | | | | | t of Oracle Java SE (component: Hotspot). 
Supported versions that are | | | | | | affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: | | | | | | 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthen | | | | | | ticated attacker with network access via multiple protocols to comprom | | | | | | ise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks req | | | | | | uire human interaction from a person other than the attacker. Successf | | | | | | ul attacks of this vulnerability can result in unauthorized ability to | | | | | | cause a partial denial of service (partial DOS) of Java SE, Oracle Gr | | | | | | aalVM Enterprise Edition. Note: This vulnerability applies to Java dep | | | | | | loyments, typically in clients running sandboxed Java Web Start applic | | | | | | ations or sandboxed Java applets, that load and run untrusted code (e. | | | | | | g., code that comes from the internet) and rely on the Java sandbox fo | | | | | | r security. This vulnerability can also be exploited by using APIs in | | | | | | the specified Component, e.g., through a web service which supplies da | | | | | | ta to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS V | | | | | | ector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2021-35603 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc | | | | | | t of Oracle Java SE (component: JSSE). Supported versions that are aff | | | | | | ected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterpris | | | | | | e Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allow | | | | | | s unauthenticated attacker with network access via TLS to compromise J | | | | | | ava SE, Oracle GraalVM Enterprise Edition. 
Successful attacks of this | | | | | | vulnerability can result in unauthorized read access to a subset of Ja | | | | | | va SE, Oracle GraalVM Enterprise Edition accessible data. Note: This v | | | | | | ulnerability applies to Java deployments, typically in clients running | | | | | | sandboxed Java Web Start applications or sandboxed Java applets, that | | | | | | load and run untrusted code (e.g., code that comes from the internet) | | | | | | and rely on the Java sandbox for security. This vulnerability can als | | | | | | o be exploited by using APIs in the specified Component, e.g., through | | | | | | a web service which supplies data to the APIs. CVSS 3.1 Base Score 3. | | | | | | 7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI: | | | | | | N/S:U/C:L/I:N/A:N). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Unknown DLA-2412-2 | openjdk-8-jre-headless | 8u171-b11-1~deb9u1 | DLA-2412-2 | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Critical CVE-2022-1292 | openssl | 1.1.0f-3+deb9u2 | The c_rehash script does not properly sanitise shell metacharacters to | | | | | | prevent command injection. This script is distributed by some operati | | | | | | ng systems in a manner where it is automatically executed. On such ope | | | | | | rating systems, an attacker could execute arbitrary commands with the | | | | | | privileges of the script. Use of the c_rehash script is considered obs | | | | | | olete and should be replaced by the OpenSSL rehash command line tool. | | | | | | Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL | | | | | | 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0 | | | | | | .2-1.0.2zd). 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2018-0732 | openssl | 1.1.0f-3+deb9u2 | During key agreement in a TLS handshake using a DH(E) based ciphersuit | | | | | | e a malicious server can send a very large prime value to the client. | | | | | | This will cause the client to spend an unreasonably long period of tim | | | | | | e generating a key for this prime resulting in a hang until the client | | | | | | has finished. This could be exploited in a Denial Of Service attack. | | | | | | Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL | | | | | | 1.0.2p-dev (Affected 1.0.2-1.0.2o). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2019-1543 | openssl | 1.1.0f-3+deb9u2 | ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input | | | | | | for every encryption operation. RFC 7539 specifies that the nonce val | | | | | | ue (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce | | | | | | length and front pads the nonce with 0 bytes if it is less than 12 byt | | | | | | es. However it also incorrectly allows a nonce to be set of up to 16 b | | | | | | ytes. In this case only the last 12 bytes are significant and any addi | | | | | | tional leading bytes are ignored. It is a requirement of using this ci | | | | | | pher that nonce values are unique. Messages encrypted using a reused n | | | | | | once value are susceptible to serious confidentiality and integrity at | | | | | | tacks. 
If an application changes the default nonce length to be longer | | | | | | than 12 bytes and then makes a change to the leading bytes of the non | | | | | | ce expecting the new value to be a new unique nonce then such an appli | | | | | | cation could inadvertently encrypt messages with a reused nonce. Addit | | | | | | ionally the ignored bytes in a long nonce are not covered by the integ | | | | | | rity guarantee of this cipher. Any application that relies on the inte | | | | | | grity of these ignored leading bytes of a long nonce may be further af | | | | | | fected. Any OpenSSL internal use of this cipher, including in SSL/TLS, | | | | | | is safe because no such use sets such a long nonce value. However use | | | | | | r applications that use this cipher directly and set a non-default non | | | | | | ce length to be longer than 12 bytes may be vulnerable. OpenSSL versio | | | | | | ns 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scop | | | | | | e of affected deployments this has been assessed as low severity and t | | | | | | herefore we are not creating new releases at this time. Fixed in OpenS | | | | | | SL 1.1.1c (Affected 1.1.1-1.1.1b). Fixed in OpenSSL 1.1.0k (Affected 1 | | | | | | .1.0-1.1.0j). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2021-23840 | openssl | 1.1.0f-3+deb9u2 | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may | | | | | | overflow the output length argument in some cases where the input len | | | | | | gth is close to the maximum permissable length for an integer on the p | | | | | | latform. In such cases the return value from the function call will be | | | | | | 1 (indicating success), but the output length value will be negative. | | | | | | This could cause applications to behave incorrectly or crash. 
OpenSSL | | | | | | versions 1.1.1i and below are affected by this issue. Users of these | | | | | | versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and | | | | | | below are affected by this issue. However OpenSSL 1.0.2 is out of sup | | | | | | port and no longer receiving public updates. Premium support customers | | | | | | of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade | | | | | | to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in | | | | | | OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2021-3712 | openssl | 1.1.0f-3+deb9u2 | ASN.1 strings are represented internally within OpenSSL as an ASN1_STR | | | | | | ING structure which contains a buffer holding the string data and a fi | | | | | | eld holding the buffer length. This contrasts with normal C strings wh | | | | | | ich are repesented as a buffer for the string data which is terminated | | | | | | with a NUL (0) byte. Although not a strict requirement, ASN.1 strings | | | | | | that are parsed using OpenSSL's own "d2i" functions (and other simila | | | | | | r parsing functions) as well as any string whose value has been set wi | | | | | | th the ASN1_STRING_set() function will additionally NUL terminate the | | | | | | byte array in the ASN1_STRING structure. However, it is possible for a | | | | | | pplications to directly construct valid ASN1_STRING structures which d | | | | | | o not NUL terminate the byte array by directly setting the "data" and | | | | | | "length" fields in the ASN1_STRING array. This can also happen by usin | | | | | | g the ASN1_STRING_set0() function. 
Numerous OpenSSL functions that pri | | | | | | nt ASN.1 data have been found to assume that the ASN1_STRING byte arra | | | | | | y will be NUL terminated, even though this is not guaranteed for strin | | | | | | gs that have been directly constructed. Where an application requests | | | | | | an ASN.1 structure to be printed, and where that ASN.1 structure conta | | | | | | ins ASN1_STRINGs that have been directly constructed by the applicatio | | | | | | n without NUL terminating the "data" field, then a read buffer overrun | | | | | | can occur. The same thing can also occur during name constraints proc | | | | | | essing of certificates (for example if a certificate has been directly | | | | | | constructed by the application instead of loading it via the OpenSSL | | | | | | parsing functions, and the certificate contains non NUL terminated ASN | | | | | | 1_STRING structures). It can also occur in the X509_get1_email(), X509 | | | | | | _REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor | | | | | | can cause an application to directly construct an ASN1_STRING and the | | | | | | n process it through one of the affected OpenSSL functions then this i | | | | | | ssue could be hit. This might result in a crash (causing a Denial of S | | | | | | ervice attack). It could also result in the disclosure of private memo | | | | | | ry contents (such as private keys, or sensitive plaintext). Fixed in O | | | | | | penSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affec | | | | | | ted 1.0.2-1.0.2y). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2022-0778 | openssl | 1.1.0f-3+deb9u2 | The BN_mod_sqrt() function, which computes a modular square root, cont | | | | | | ains a bug that can cause it to loop forever for non-prime moduli. 
Int | | | | | | ernally this function is used when parsing certificates that contain e | | | | | | lliptic curve public keys in compressed form or explicit elliptic curv | | | | | | e parameters with a base point encoded in compressed form. It is possi | | | | | | ble to trigger the infinite loop by crafting a certificate that has in | | | | | | valid explicit curve parameters. Since certificate parsing happens pri | | | | | | or to verification of the certificate signature, any process that pars | | | | | | es an externally supplied certificate may thus be subject to a denial | | | | | | of service attack. The infinite loop can also be reached when parsing | | | | | | crafted private keys as they can contain explicit elliptic curve param | | | | | | eters. Thus vulnerable situations include: - TLS clients consuming ser | | | | | | ver certificates - TLS servers consuming client certificates - Hosting | | | | | | providers taking certificates or private keys from customers - Certif | | | | | | icate authorities parsing certification requests from subscribers - An | | | | | | ything else which parses ASN.1 elliptic curve parameters Also any othe | | | | | | r applications that use the BN_mod_sqrt() where the attacker can contr | | | | | | ol the parameter values are vulnerable to this DoS issue. In the OpenS | | | | | | SL 1.0.2 version the public key is not parsed during initial parsing o | | | | | | f the certificate which makes it slightly harder to trigger the infini | | | | | | te loop. However any operation which requires the public key from the | | | | | | certificate will trigger the infinite loop. In particular the attacker | | | | | | can use a self-signed certificate to trigger the loop during verifica | | | | | | tion of the certificate signature. This issue affects OpenSSL versions | | | | | | 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and | | | | | | 3.0.2 on the 15th March 2022. 
Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3 | | | | | | .0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenS | | | | | | SL 1.0.2zd (Affected 1.0.2-1.0.2zc). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2018-0734 | openssl | 1.1.0f-3+deb9u2 | The OpenSSL DSA signature algorithm has been shown to be vulnerable to | | | | | | a timing side channel attack. An attacker could use variations in the | | | | | | signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a | | | | | | (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fi | | | | | | xed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2018-0735 | openssl | 1.1.0f-3+deb9u2 | The OpenSSL ECDSA signature algorithm has been shown to be vulnerable | | | | | | to a timing side channel attack. An attacker could use variations in t | | | | | | he signing algorithm to recover the private key. Fixed in OpenSSL 1.1. | | | | | | 0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2018-0737 | openssl | 1.1.0f-3+deb9u2 | The OpenSSL RSA Key generation algorithm has been shown to be vulnerab | | | | | | le to a cache timing side channel attack. An attacker with sufficient | | | | | | access to mount cache timing attacks during the RSA key generation pro | | | | | | cess could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affec | | | | | | ted 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o | | | | | | ). 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2018-5407 | openssl | 1.1.0f-3+deb9u2 | Simultaneous Multi-threading (SMT) in processors can enable local user | | | | | | s to exploit software vulnerable to timing attacks via a side-channel | | | | | | timing attack on 'port contention'. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2019-1547 | openssl | 1.1.0f-3+deb9u2 | Normally in OpenSSL EC groups always have a co-factor present and this | | | | | | is used in side channel resistant code paths. However, in some cases, | | | | | | it is possible to construct a group using explicit parameters (instea | | | | | | d of using a named curve). In those cases it is possible that such a g | | | | | | roup does not have the cofactor present. This can occur even where all | | | | | | the parameters match a known named curve. If such a curve is used the | | | | | | n OpenSSL falls back to non-side channel resistant code paths which ma | | | | | | y result in full key recovery during an ECDSA signature operation. In | | | | | | order to be vulnerable an attacker would have to have the ability to t | | | | | | ime the creation of a large number of signatures where explicit parame | | | | | | ters with no co-factor present are in use by an application using libc | | | | | | rypto. For the avoidance of doubt libssl is not vulnerable because exp | | | | | | licit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1 | | | | | | .1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in | | | | | | OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2019-1551 | openssl | 1.1.0f-3+deb9u2 | There is an overflow bug in the x64_64 Montgomery squaring procedure u | | | | | | sed in exponentiation with 512-bit moduli. No EC algorithms are affect | | | | | | ed. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RS | | | | | | A1536, and DSA1024 as a result of this defect would be very difficult | | | | | | to perform and are not believed likely. Attacks against DH512 are cons | | | | | | idered just feasible. However, for an attack the target would have to | | | | | | re-use the DH512 private key, which is not recommended anyway. Also ap | | | | | | plications directly using the low level API BN_mod_exp may be affected | | | | | | if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1 | | | | | | -1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2020-1971 | openssl | 1.1.0f-3+deb9u2 | The X.509 GeneralName type is a generic type for representing differen | | | | | | t types of names. One of those name types is known as EDIPartyName. Op | | | | | | enSSL provides a function GENERAL_NAME_cmp which compares different in | | | | | | stances of a GENERAL_NAME to see if they are equal or not. This functi | | | | | | on behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME | | | | | | . A NULL pointer dereference and a crash may occur leading to a possib | | | | | | le denial of service attack. 
OpenSSL itself uses the GENERAL_NAME_cmp | | | | | | function for two purposes: 1) Comparing CRL distribution point names b | | | | | | etween an available CRL and a CRL distribution point embedded in an X5 | | | | | | 09 certificate 2) When verifying that a timestamp response token signe | | | | | | r matches the timestamp authority name (exposed via the API functions | | | | | | TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can c | | | | | | ontrol both items being compared then that attacker could trigger a cr | | | | | | ash. For example if the attacker can trick a client or server into che | | | | | | cking a malicious certificate against a malicious CRL then this may oc | | | | | | cur. Note that some applications automatically download CRLs based on | | | | | | a URL embedded in a certificate. This checking happens prior to the si | | | | | | gnatures on the certificate and CRL being verified. OpenSSL's s_server | | | | | | , s_client and verify tools have support for the "-crl_download" optio | | | | | | n which implements automatic CRL downloading and this attack has been | | | | | | demonstrated to work against those tools. Note that an unrelated bug m | | | | | | eans that affected versions of OpenSSL cannot parse or construct corre | | | | | | ct encodings of EDIPARTYNAME. However it is possible to construct a ma | | | | | | lformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigg | | | | | | er this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by t | | | | | | his issue. Other OpenSSL releases are out of support and have not been | | | | | | checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in Op | | | | | | enSSL 1.0.2x (Affected 1.0.2-1.0.2w). 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2021-23841 | openssl | 1.1.0f-3+deb9u2 | The OpenSSL public API function X509_issuer_and_serial_hash() attempts | | | | | | to create a unique hash value based on the issuer and serial number d | | | | | | ata contained within an X509 certificate. However it fails to correctl | | | | | | y handle any errors that may occur while parsing the issuer field (whi | | | | | | ch might occur if the issuer field is maliciously constructed). This m | | | | | | ay subsequently result in a NULL pointer deref and a crash leading to | | | | | | a potential denial of service attack. The function X509_issuer_and_ser | | | | | | ial_hash() is never directly called by OpenSSL itself so applications | | | | | | are only vulnerable if they use this function directly and they use it | | | | | | on certificates that may have been obtained from untrusted sources. O | | | | | | penSSL versions 1.1.1i and below are affected by this issue. Users of | | | | | | these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0. | | | | | | 2x and below are affected by this issue. However OpenSSL 1.0.2 is out | | | | | | of support and no longer receiving public updates. Premium support cus | | | | | | tomers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should u | | | | | | pgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fix | | | | | | ed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2021-4160 | openssl | 1.1.0f-3+deb9u2 | There is a carry propagation bug in the MIPS32 and MIPS64 squaring pro | | | | | | cedure. 
Many EC algorithms are affected, including some of the TLS 1.3 | | | | | | default curves. Impact was not analyzed in detail, because the pre-re | | | | | | quisites for attack are considered unlikely and include reusing privat | | | | | | e keys. Analysis suggests that attacks against RSA and DSA as a result | | | | | | of this defect would be very difficult to perform and are not believe | | | | | | d likely. Attacks against DH are considered just feasible (although ve | | | | | | ry difficult) because most of the work necessary to deduce information | | | | | | about a private key may be performed offline. The amount of resources | | | | | | required for such an attack would be significant. However, for an att | | | | | | ack on TLS to be meaningful, the server would have to share the DH pri | | | | | | vate key among multiple clients, which is no longer an option since CV | | | | | | E-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. | | | | | | 0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of | | | | | | December 2021. For the 1.0.2 release it is addressed in git commit 6f | | | | | | c1aaaf3 that is available to premium support customers only. It will b | | | | | | e made available in 1.0.2zc when it is released. The issue only affect | | | | | | s OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). | | | | | | Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0. | | | | | | 2zc-dev (Affected 1.0.2-1.0.2zb). 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2019-1563 | openssl | 1.1.0f-3+deb9u2 | In situations where an attacker receives automated notification of the | | | | | | success or failure of a decryption attempt an attacker, after sending | | | | | | a very large number of messages to be decrypted, can recover a CMS/PK | | | | | | CS7 transported encryption key or decrypt any RSA encrypted message th | | | | | | at was encrypted with the public RSA key, using a Bleichenbacher paddi | | | | | | ng oracle attack. Applications are not affected if they use a certific | | | | | | ate together with the private RSA key to the CMS_decrypt or PKCS7_decr | | | | | | ypt functions to select the correct recipient info to decrypt. Fixed i | | | | | | n OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Aff | | | | | | ected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Critical CVE-2017-12424 | passwd | 1:4.4-4.1 | In shadow before 4.5, the newusers tool could be made to manipulate in | | | | | | ternal data structures in ways unintended by the authors. Malformed in | | | | | | put may lead to crashes (with a buffer overflow or other memory corrup | | | | | | tion) or other unspecified behaviors. This crosses a privilege boundar | | | | | | y in, for example, certain web-hosting environments in which a Control | | | | | | Panel allows an unprivileged user account to create subaccounts. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2017-20002 | passwd | 1:4.4-4.1 | The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists | | | | | | pts/0 and pts/1 as physical terminals in /etc/securetty. This allows l | | | | | | ocal users to login as password-less users even if they are connected | | | | | | by non-physical means such as SSH (hence bypassing PAM's nullok_secure | | | | | | configuration). This notably affects environments such as virtual mac | | | | | | hines automatically generated with a default blank root password, allo | | | | | | wing all local users to escalate privileges. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Low CVE-2018-7169 | passwd | 1:4.4-4.1 | An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is | | | | | | setuid and allows an unprivileged user to be placed in a user namespac | | | | | | e where setgroups(2) is permitted. This allows an attacker to remove t | | | | | | hemselves from a supplementary group, which may allow access to certai | | | | | | n filesystem paths if the administrator has used "group blacklisting" | | | | | | (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively | | | | | | reverts a security feature in the kernel (in particular, the /proc/se | | | | | | lf/setgroups knob) to prevent this sort of privilege escalation. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Critical CVE-2018-18311 | perl-base | 5.24.1-3+deb9u3 | Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via | | | | | | a crafted regular expression that triggers invalid write operations. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Critical CVE-2018-18312 | perl-base | 5.24.1-3+deb9u3 | Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via | | | | | | a crafted regular expression that triggers invalid write operations. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Critical CVE-2018-18313 | perl-base | 5.24.1-3+deb9u3 | Perl before 5.26.3 has a buffer over-read via a crafted regular expres | | | | | | sion that triggers disclosure of sensitive information from process me | | | | | | mory. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Critical CVE-2018-18314 | perl-base | 5.24.1-3+deb9u3 | Perl before 5.26.3 has a buffer overflow via a crafted regular express | | | | | | ion that triggers invalid write operations. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2018-12015 | perl-base | 5.24.1-3+deb9u3 | In Perl through 5.26.2, the Archive::Tar module allows remote attacker | | | | | | s to bypass a directory-traversal protection mechanism, and overwrite | | | | | | arbitrary files, via an archive file containing a symlink and a regula | | | | | | r file with the same name. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2020-10543 | perl-base | 5.24.1-3+deb9u3 | Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer over | | | | | | flow because nested regular expression quantifiers have an integer ove | | | | | | rflow. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2020-10878 | perl-base | 5.24.1-3+deb9u3 | Perl before 5.30.3 has an integer overflow related to mishandling of a | | | | | | "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expressio | | | | | | n could lead to malformed bytecode with a possibility of instruction i | | | | | | njection. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2020-12723 | perl-base | 5.24.1-3+deb9u3 | regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted | | | | | | regular expression because of recursive S_study_chunk calls. 
| +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | High CVE-2020-16156 | perl-base | 5.24.1-3+deb9u3 | CPAN 2.28 allows Signature Verification Bypass. | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Medium CVE-2018-20482 | tar | 1.29b-1.1 | GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage | | | | | | during read access, which allows local users to cause a denial of ser | | | | | | vice (infinite read loop in sparse_dump_region in sparse.c) by modifyi | | | | | | ng a file that is supposed to be archived by a different user's proces | | | | | | s (e.g., a system backup running as root). | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Unknown DLA-2424-1 | tzdata | 2018d-0+deb9u1 | DLA-2424-1 | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Unknown DLA-2509-1 | tzdata | 2018d-0+deb9u1 | DLA-2509-1 | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Unknown DLA-2542-1 | tzdata | 2018d-0+deb9u1 | DLA-2542-1 | +------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+ | [31mUnapproved[0m | Unknown DLA-2797-1 | tzdata | 2018d-0+deb9u1 | DLA-2797-1 | 
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Unknown DLA-2963-1      | tzdata                 | 2018d-0+deb9u1        | DLA-2963-1                                                             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Unknown DLA-3051-1      | tzdata                 | 2018d-0+deb9u1        | DLA-3051-1                                                             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2018-1000035   | unzip                  | 6.0-21                | A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00  |
|            |                         |                        |                       | in the processing of password-protected archives that allows an attack |
|            |                         |                        |                       | er to perform a denial of service or to possibly achieve code executio |
|            |                         |                        |                       | n.                                                                     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2019-13232      | unzip                  | 6.0-21                | Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP co |
|            |                         |                        |                       | ntainer, leading to denial of service (resource consumption), aka a "b |
|            |                         |                        |                       | etter zip bomb" issue.                                                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2016-2779      | util-linux             | 2.29.2-1+deb9u1       | runuser in util-linux allows local users to escape to the parent sessi |
|            |                         |                        |                       | on via a crafted TIOCSTI ioctl call, which pushes characters to the te |
|            |                         |                        |                       | rminal's input buffer.                                                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Low CVE-2021-37600      | util-linux             | 2.29.2-1+deb9u1       | An integer overflow in util-linux through 2.37.1 can potentially cause |
|            |                         |                        |                       |  a buffer overflow if an attacker were able to use system resources in |
|            |                         |                        |                       |  a way that leads to a large number in the /proc/sysvipc/sem file. NOT |
|            |                         |                        |                       | E: this is unexploitable in GNU C Library environments, and possibly i |
|            |                         |                        |                       | n all realistic environments.                                          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2022-1271      | xz-utils               | 5.2.2-1.2+b1          | An arbitrary file write vulnerability was found in GNU gzip's zgrep ut |
|            |                         |                        |                       | ility. When zgrep is applied on the attacker's chosen file name (for e |
|            |                         |                        |                       | xample, a crafted file name), this can overwrite an attacker's content |
|            |                         |                        |                       |  to an arbitrary attacker-selected file. This flaw occurs due to insuf |
|            |                         |                        |                       | ficient validation when processing filenames with two or more newlines |
|            |                         |                        |                       |  where selected content and the target file names are embedded in craf |
|            |                         |                        |                       | ted multi-line file names. This flaw allows a remote, low privileged a |
|            |                         |                        |                       | ttacker to force zgrep to write arbitrary files on the system.         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | High CVE-2018-25032     | zlib1g                 | 1:1.2.8.dfsg-5        | zlib before 1.2.12 allows memory corruption when deflating (i.e., when |
|            |                         |                        |                       |  compressing) if the input has many distant matches.                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
[INFO] [2024-03-22 02:45:47 +0000] [container-scanning] > Scanning container from registry registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0 for vulnerabilities with severity level UNKNOWN or higher, with gcs 6.7.0 and Trivy Version: 0.49.1, advisories updated at 2024-03-21T04:28:14+00:00
[INFO] [2024-03-22 02:46:06 +0000] [container-scanning] > Scanning container from registry registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0 for vulnerabilities with severity level UNKNOWN or higher, with gcs 6.7.0 and Trivy Version: 0.49.1, advisories updated at 2024-03-21T04:28:14+00:00
section_end:1711075571:step_script
section_start:1711075571:upload_artifacts_on_success
Uploading artifacts for successful job
Uploading artifacts...
gl-container-scanning-report.json: found 1 matching artifact files and directories
gl-dependency-scanning-report.json: found 1 matching artifact files and directories
**/gl-sbom-*.cdx.json: found 1 matching artifact files and directories
WARNING: Upload request redirected location=https://gitlab.com/api/v4/jobs/6453054504/artifacts?artifact_format=zip&artifact_type=archive new-url=https://gitlab.com
WARNING: Retrying... context=artifacts-uploader error=request redirected
Uploading artifacts as "archive" to coordinator... 201 Created id=6453054504 responseStatus=201 Created token=glcbt-65
Uploading artifacts...
**/gl-sbom-*.cdx.json: found 1 matching artifact files and directories
WARNING: Upload request redirected location=https://gitlab.com/api/v4/jobs/6453054504/artifacts?artifact_format=gzip&artifact_type=cyclonedx new-url=https://gitlab.com
WARNING: Retrying... context=artifacts-uploader error=request redirected
Uploading artifacts as "cyclonedx" to coordinator... 201 Created id=6453054504 responseStatus=201 Created token=glcbt-65
Uploading artifacts...
gl-container-scanning-report.json: found 1 matching artifact files and directories
WARNING: Upload request redirected location=https://gitlab.com/api/v4/jobs/6453054504/artifacts?artifact_format=raw&artifact_type=container_scanning new-url=https://gitlab.com
WARNING: Retrying... context=artifacts-uploader error=request redirected
Uploading artifacts as "container_scanning" to coordinator... 201 Created id=6453054504 responseStatus=201 Created token=glcbt-65
Uploading artifacts...
gl-dependency-scanning-report.json: found 1 matching artifact files and directories
WARNING: Upload request redirected location=https://gitlab.com/api/v4/jobs/6453054504/artifacts?artifact_format=raw&artifact_type=dependency_scanning new-url=https://gitlab.com
WARNING: Retrying... context=artifacts-uploader error=request redirected
Uploading artifacts as "dependency_scanning" to coordinator... 201 Created id=6453054504 responseStatus=201 Created token=glcbt-65
section_end:1711075579:upload_artifacts_on_success
section_start:1711075579:cleanup_file_variables
Cleaning up project directory and file based variables
section_end:1711075580:cleanup_file_variables
Job succeeded