Running with gitlab-runner 16.9.1 (782c6ecb)
  on green-6.saas-linux-small-amd64.runners-manager.gitlab.com/default YKxHNyexq, system ID: s_a201ab37b78a
  feature flags: FF_USE_IMPROVED_URL_MASKING:true
section_start:1711075508:resolve_secrets
Resolving secrets
section_end:1711075508:resolve_secrets
section_start:1711075508:prepare_executor
Preparing the "docker+machine" executor
Using Docker executor with image registry.gitlab.com/security-products/container-scanning:6 ...
Authenticating with credentials from job payload (GitLab Registry)
Pulling docker image registry.gitlab.com/security-products/container-scanning:6 ...
Using docker image sha256:12fc53752df3358a4ad7956d1bbd075bcdd83cfe1900ad571f818428b89b0d98 for registry.gitlab.com/security-products/container-scanning:6 with digest registry.gitlab.com/security-products/container-scanning@sha256:f19447369e4dce920308aa6114dddc15fc0aaf54d88d312fd858377aad98f875 ...
section_end:1711075520:prepare_executor
section_start:1711075520:prepare_script
Preparing environment
Running on runner-ykxhnyexq-project-56086886-concurrent-0 via runner-ykxhnyexq-s-l-s-amd64-1711075222-fedbd671...
section_end:1711075525:prepare_script
section_start:1711075525:get_sources
Getting source from Git repository
Skipping Git repository setup
Skipping Git checkout
Skipping Git submodules setup
section_end:1711075526:get_sources
section_start:1711075526:step_script
Executing "step_script" stage of the job script
Using docker image sha256:12fc53752df3358a4ad7956d1bbd075bcdd83cfe1900ad571f818428b89b0d98 for registry.gitlab.com/security-products/container-scanning:6 with digest registry.gitlab.com/security-products/container-scanning@sha256:f19447369e4dce920308aa6114dddc15fc0aaf54d88d312fd858377aad98f875 ...
$ gtcs scan
[INFO] [2024-03-22 02:45:31 +0000] [container-scanning]  >  Remediation is disabled; /builds/gitlab-org/secure/tests/thiagocsf-secure-tests/test-cs-6.7.0/Dockerfile cannot be found. Have you set `GIT_STRATEGY` and
`CS_DOCKERFILE_PATH`?
See https://docs.gitlab.com/ee/user/application_security/container_scanning/#solutions-for-vulnerabilities-auto-remediation

[INFO] [2024-03-22 02:45:32 +0000] [container-scanning]  >  Scanning container from registry registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0 for vulnerabilities with severity level UNKNOWN or higher, with gcs 6.7.0 and Trivy Version: 0.49.1, advisories updated at 2024-03-21T04:28:14+00:00

+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
|   STATUS   |      CVE SEVERITY       |      PACKAGE NAME      |    PACKAGE VERSION    |                            CVE DESCRIPTION                             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-3462    |          apt           |         1.4.8         | Incorrect sanitation of the 302 redirect field in HTTP transport metho |
|            |                         |                        |                       | d of apt versions 1.4.8 and earlier can lead to content injection by a |
|            |                         |                        |                       |  MITM attacker, potentially leading to remote code execution on the ta |
|            |                         |                        |                       |                             rget machine.                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-27350  |          apt           |         1.4.8         | APT had several integer overflows and underflows while parsing .deb pa |
|            |                         |                        |                       | ckages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extr |
|            |                         |                        |                       | acttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This |
|            |                         |                        |                       |  issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1 |
|            |                         |                        |                       | .6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions  |
|            |                         |                        |                       | prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0 |
|            |                         |                        |                       |                                  .1;                                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-3810   |          apt           |         1.4.8         | Missing input validation in the ar/tar implementations of APT before v |
|            |                         |                        |                       | ersion 2.1.2 could result in denial of service when processing special |
|            |                         |                        |                       |                         ly crafted deb files.                          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2016-2779    |        bsdutils        |   1:2.29.2-1+deb9u1   | runuser in util-linux allows local users to escape to the parent sessi |
|            |                         |                        |                       | on via a crafted TIOCSTI ioctl call, which pushes characters to the te |
|            |                         |                        |                       |                         rminal's input buffer.                         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2021-37600    |        bsdutils        |   1:2.29.2-1+deb9u1   | An integer overflow in util-linux through 2.37.1 can potentially cause |
|            |                         |                        |                       |  a buffer overflow if an attacker were able to use system resources in |
|            |                         |                        |                       |  a way that leads to a large number in the /proc/sysvipc/sem file. NOT |
|            |                         |                        |                       | E: this is unexploitable in GNU C Library environments, and possibly i |
|            |                         |                        |                       |                     n all realistic environments.                      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2019-12900 |         bzip2          |       1.0.6-8.1       | BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bo |
|            |                         |                        |                       |               unds write when there are many selectors.                |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Unknown DLA-2593-1    |    ca-certificates     |     20161130+nmu1     |                               DLA-2593-1                               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2016-2781    |       coreutils        |        8.26-3         | chroot in GNU coreutils, when used with --userspec, allows local users |
|            |                         |                        |                       |  to escape to the parent session via a crafted TIOCSTI ioctl call, whi |
|            |                         |                        |                       |          ch pushes characters to the terminal's input buffer.          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Unknown DLA-2948-1    | debian-archive-keyring |        2017.5         |                               DLA-2948-1                               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2022-1664  |          dpkg          |        1.18.24        | Dpkg::Source::Archive in dpkg, the Debian package management system, b |
|            |                         |                        |                       | efore version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory |
|            |                         |                        |                       |  traversal vulnerability. When extracting untrusted source packages in |
|            |                         |                        |                       |  v2 and v3 source package formats that include a debian.tar, the in-pl |
|            |                         |                        |                       | ace extraction can lead to directory traversal situations on specially |
|            |                         |                        |                       |                crafted orig.tar and debian.tar tarballs.               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2022-1304    |        e2fslibs        |       1.43.4-2        | An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46. |
|            |                         |                        |                       | 5. This issue leads to a segmentation fault and possibly arbitrary cod |
|            |                         |                        |                       |            e execution via a specially crafted filesystem.             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-5094   |        e2fslibs        |       1.43.4-2        | An exploitable code execution vulnerability exists in the quota file f |
|            |                         |                        |                       | unctionality of E2fsprogs 1.45.3. A specially crafted ext4 partition c |
|            |                         |                        |                       | an cause an out-of-bounds write on the heap, resulting in code executi |
|            |                         |                        |                       | on. An attacker can corrupt a partition to trigger this vulnerability. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-5188   |        e2fslibs        |       1.43.4-2        | A code execution vulnerability exists in the directory rehashing funct |
|            |                         |                        |                       | ionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 director |
|            |                         |                        |                       | y can cause an out-of-bounds write on the stack, resulting in code exe |
|            |                         |                        |                       | cution. An attacker can corrupt a partition to trigger this vulnerabil |
|            |                         |                        |                       |                                  ity.                                  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2022-1304    |       e2fsprogs        |       1.43.4-2        | An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46. |
|            |                         |                        |                       | 5. This issue leads to a segmentation fault and possibly arbitrary cod |
|            |                         |                        |                       |            e execution via a specially crafted filesystem.             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-5094   |       e2fsprogs        |       1.43.4-2        | An exploitable code execution vulnerability exists in the quota file f |
|            |                         |                        |                       | unctionality of E2fsprogs 1.45.3. A specially crafted ext4 partition c |
|            |                         |                        |                       | an cause an out-of-bounds write on the heap, resulting in code executi |
|            |                         |                        |                       | on. An attacker can corrupt a partition to trigger this vulnerability. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-5188   |       e2fsprogs        |       1.43.4-2        | A code execution vulnerability exists in the directory rehashing funct |
|            |                         |                        |                       | ionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 director |
|            |                         |                        |                       | y can cause an out-of-bounds write on the stack, resulting in code exe |
|            |                         |                        |                       | cution. An attacker can corrupt a partition to trigger this vulnerabil |
|            |                         |                        |                       |                                  ity.                                  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-12886   |       gcc-6-base       |    6.3.0-18+deb9u1    | stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in fu |
|            |                         |                        |                       | nction.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain |
|            |                         |                        |                       |  circumstances) generate instruction sequences when targeting ARM targ |
|            |                         |                        |                       | ets that spill the address of the stack protector guard, which allows  |
|            |                         |                        |                       | an attacker to bypass the protection of -fstack-protector, -fstack-pro |
|            |                         |                        |                       | tector-all, -fstack-protector-strong, and -fstack-protector-explicit a |
|            |                         |                        |                       | gainst stack overflow by controlling what the stack canary is compared |
|            |                         |                        |                       |                                against.                                |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  High CVE-2018-1000858  |          gpgv          |    2.1.18-8~deb9u1    | GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CS |
|            |                         |                        |                       | RF) vulnerability in dirmngr that can result in Attacker controlled CS |
|            |                         |                        |                       | RF, Information Disclosure, DoS. This attack appear to be exploitable  |
|            |                         |                        |                       | via Victim must perform a WKD request, e.g. enter an email address in  |
|            |                         |                        |                       | the composer window of Thunderbird/Enigmail. This vulnerability appear |
|            |                         |                        |                       | s to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1 |
|            |                         |                        |                       |                                099f060.                                |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-12020   |          gpgv          |    2.1.18-8~deb9u1    | mainproc.c in GnuPG before 2.2.8 mishandles the original filename duri |
|            |                         |                        |                       | ng decryption and verification actions, which allows remote attackers  |
|            |                         |                        |                       | to spoof the output that GnuPG sends on file descriptor 2 to other pro |
|            |                         |                        |                       | grams that use the "--status-fd 2" option. For example, the OpenPGP da |
|            |                         |                        |                       | ta might represent an original filename that contains line feed charac |
|            |                         |                        |                       |       ters in conjunction with GOODSIG or VALIDSIG status codes.       |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2018-9234    |          gpgv          |    2.1.18-8~deb9u1    | GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key ce |
|            |                         |                        |                       | rtification requires an offline master Certify key, which results in a |
|            |                         |                        |                       | pparently valid certifications that occurred only with access to a sig |
|            |                         |                        |                       |                              ning subkey.                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2019-14855    |          gpgv          |    2.1.18-8~deb9u1    | A flaw was found in the way certificate signatures could be forged usi |
|            |                         |                        |                       | ng collisions found in the SHA-1 algorithm. An attacker could use this |
|            |                         |                        |                       |  weakness to create forged certificate signatures. This issue affects  |
|            |                         |                        |                       |                     GnuPG versions before 2.2.18.                      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2022-1271    |          gzip          |       1.6-5+b1        | An arbitrary file write vulnerability was found in GNU gzip's zgrep ut |
|            |                         |                        |                       | ility. When zgrep is applied on the attacker's chosen file name (for e |
|            |                         |                        |                       | xample, a crafted file name), this can overwrite an attacker's content |
|            |                         |                        |                       |  to an arbitrary attacker-selected file. This flaw occurs due to insuf |
|            |                         |                        |                       | ficient validation when processing filenames with two or more newlines |
|            |                         |                        |                       |  where selected content and the target file names are embedded in craf |
|            |                         |                        |                       | ted multi-line file names. This flaw allows a remote, low privileged a |
|            |                         |                        |                       |     ttacker to force zgrep to write arbitrary files on the system.     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-3462    |     libapt-pkg5.0      |         1.4.8         | Incorrect sanitation of the 302 redirect field in HTTP transport metho |
|            |                         |                        |                       | d of apt versions 1.4.8 and earlier can lead to content injection by a |
|            |                         |                        |                       |  MITM attacker, potentially leading to remote code execution on the ta |
|            |                         |                        |                       |                             rget machine.                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-27350  |     libapt-pkg5.0      |         1.4.8         | APT had several integer overflows and underflows while parsing .deb pa |
|            |                         |                        |                       | ckages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extr |
|            |                         |                        |                       | acttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This |
|            |                         |                        |                       |  issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1 |
|            |                         |                        |                       | .6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions  |
|            |                         |                        |                       | prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0 |
|            |                         |                        |                       |                                  .1;                                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-3810   |     libapt-pkg5.0      |         1.4.8         | Missing input validation in the ar/tar implementations of APT before v |
|            |                         |                        |                       | ersion 2.1.2 could result in denial of service when processing special |
|            |                         |                        |                       |                         ly crafted deb files.                          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2021-26720   |    libavahi-client3    |       0.6.32-2        | avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is |
|            |                         |                        |                       |  executed as root via /etc/network/if-up.d/avahi-daemon, and allows a  |
|            |                         |                        |                       | local attacker to cause a denial of service or create arbitrary empty  |
|            |                         |                        |                       | files via a symlink attack on files under /run/avahi-daemon. NOTE: thi |
|            |                         |                        |                       | s only affects the packaging for Debian GNU/Linux (used indirectly by  |
|            |                         |                        |                       |                 SUSE), not the upstream Avahi product.                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-3468   |    libavahi-client3    |       0.6.32-2        | A flaw was found in avahi in versions 0.6 up to 0.8. The event used to |
|            |                         |                        |                       |  signal the termination of the client connection on the avahi Unix soc |
|            |                         |                        |                       | ket is not correctly handled in the client_work function, allowing a l |
|            |                         |                        |                       | ocal attacker to trigger an infinite loop. The highest threat from thi |
|            |                         |                        |                       | s vulnerability is to the availability of the avahi service, which bec |
|            |                         |                        |                       |            omes unresponsive after this flaw is triggered.             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2021-26720   |  libavahi-common-data  |       0.6.32-2        | avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is |
|            |                         |                        |                       |  executed as root via /etc/network/if-up.d/avahi-daemon, and allows a  |
|            |                         |                        |                       | local attacker to cause a denial of service or create arbitrary empty  |
|            |                         |                        |                       | files via a symlink attack on files under /run/avahi-daemon. NOTE: thi |
|            |                         |                        |                       | s only affects the packaging for Debian GNU/Linux (used indirectly by  |
|            |                         |                        |                       |                 SUSE), not the upstream Avahi product.                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-3468   |  libavahi-common-data  |       0.6.32-2        | A flaw was found in avahi in versions 0.6 up to 0.8. The event used to |
|            |                         |                        |                       |  signal the termination of the client connection on the avahi Unix soc |
|            |                         |                        |                       | ket is not correctly handled in the client_work function, allowing a l |
|            |                         |                        |                       | ocal attacker to trigger an infinite loop. The highest threat from thi |
|            |                         |                        |                       | s vulnerability is to the availability of the avahi service, which bec |
|            |                         |                        |                       |            omes unresponsive after this flaw is triggered.             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2021-26720   |    libavahi-common3    |       0.6.32-2        | avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is |
|            |                         |                        |                       |  executed as root via /etc/network/if-up.d/avahi-daemon, and allows a  |
|            |                         |                        |                       | local attacker to cause a denial of service or create arbitrary empty  |
|            |                         |                        |                       | files via a symlink attack on files under /run/avahi-daemon. NOTE: thi |
|            |                         |                        |                       | s only affects the packaging for Debian GNU/Linux (used indirectly by  |
|            |                         |                        |                       |                 SUSE), not the upstream Avahi product.                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-3468   |    libavahi-common3    |       0.6.32-2        | A flaw was found in avahi in versions 0.6 up to 0.8. The event used to |
|            |                         |                        |                       |  signal the termination of the client connection on the avahi Unix soc |
|            |                         |                        |                       | ket is not correctly handled in the client_work function, allowing a l |
|            |                         |                        |                       | ocal attacker to trigger an infinite loop. The highest threat from thi |
|            |                         |                        |                       | s vulnerability is to the availability of the avahi service, which bec |
|            |                         |                        |                       |            omes unresponsive after this flaw is triggered.             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2016-2779    |       libblkid1        |    2.29.2-1+deb9u1    | runuser in util-linux allows local users to escape to the parent sessi |
|            |                         |                        |                       | on via a crafted TIOCSTI ioctl call, which pushes characters to the te |
|            |                         |                        |                       |                         rminal's input buffer.                         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2021-37600    |       libblkid1        |    2.29.2-1+deb9u1    | An integer overflow in util-linux through 2.37.1 can potentially cause |
|            |                         |                        |                       |  a buffer overflow if an attacker were able to use system resources in |
|            |                         |                        |                       |  a way that leads to a large number in the /proc/sysvipc/sem file. NOT |
|            |                         |                        |                       | E: this is unexploitable in GNU C Library environments, and possibly i |
|            |                         |                        |                       |                     n all realistic environments.                      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2019-20367 |        libbsd0         |        0.8.3-1        | nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a com |
|            |                         |                        |                       |       parison for a symbol name from the string table (strtab).        |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2019-12900 |       libbz2-1.0       |       1.0.6-8.1       | BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bo |
|            |                         |                        |                       |               unds write when there are many selectors.                |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2017-18269 |        libc-bin        |    2.24-11+deb9u3     | An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686 |
|            |                         |                        |                       | /multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or  |
|            |                         |                        |                       | libc6) 2.21 through 2.27 does not correctly perform the overlapping me |
|            |                         |                        |                       | mory check if the source memory range spans the middle of the address  |
|            |                         |                        |                       | space, resulting in corrupt data being produced by the copy operation. |
|            |                         |                        |                       |  This may disclose information to context-dependent attackers, or resu |
|            |                         |                        |                       |        lt in a denial of service, or, possibly, code execution.        |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  High CVE-2017-1000408  |        libc-bin        |    2.24-11+deb9u3     | A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached |
|            |                         |                        |                       |  and amplified through the LD_HWCAP_MASK environment variable. Please  |
|            |                         |                        |                       | note that many versions of glibc are not vulnerable to this issue if p |
|            |                         |                        |                       |                      atched for CVE-2017-1000366.                      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  High CVE-2017-1000409  |        libc-bin        |    2.24-11+deb9u3     | A buffer overflow in glibc 2.5 (released on September 29, 2006) and ca |
|            |                         |                        |                       | n be triggered through the LD_LIBRARY_PATH environment variable. Pleas |
|            |                         |                        |                       | e note that many versions of glibc are not vulnerable to this issue if |
|            |                         |                        |                       |                      patched for CVE-2017-1000366.                     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2017-16997   |        libc-bin        |    2.24-11+deb9u3     | elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2 |
|            |                         |                        |                       | .26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged ( |
|            |                         |                        |                       | setuid or AT_SECURE) program, which allows local users to gain privile |
|            |                         |                        |                       | ges via a Trojan horse library in the current working directory, relat |
|            |                         |                        |                       | ed to the fillin_rpath and decompose_rpath functions. This is associat |
|            |                         |                        |                       | ed with misinterpretion of an empty RPATH/RUNPATH token as the "./" di |
|            |                         |                        |                       | rectory. NOTE: this configuration of RPATH/RUNPATH for a privileged pr |
|            |                         |                        |                       | ogram is apparently very uncommon; most likely, no such program is shi |
|            |                         |                        |                       |                pped with any common Linux distribution.                |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2017-15670    |        libc-bin        |    2.24-11+deb9u3     | The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by- |
|            |                         |                        |                       | one error leading to a heap-based buffer overflow in the glob function |
|            |                         |                        |                       |  in glob.c, related to the processing of home directories using the ~  |
|            |                         |                        |                       |                  operator followed by a long string.                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2017-15671    |        libc-bin        |    2.24-11+deb9u3     | The glob function in glob.c in the GNU C Library (aka glibc or libc6)  |
|            |                         |                        |                       | before 2.27, when invoked with GLOB_TILDE, could skip freeing allocate |
|            |                         |                        |                       | d memory when processing the ~ operator with a long user name, potenti |
|            |                         |                        |                       |           ally leading to a denial of service (memory leak).           |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2017-15804    |        libc-bin        |    2.24-11+deb9u3     | The glob function in glob.c in the GNU C Library (aka glibc or libc6)  |
|            |                         |                        |                       | before 2.27 contains a buffer overflow during unescaping of user names |
|            |                         |                        |                       |                          with the ~ operator.                          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2018-11236    |        libc-bin        |    2.24-11+deb9u3     | stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 a |
|            |                         |                        |                       | nd earlier, when processing very long pathname arguments to the realpa |
|            |                         |                        |                       | th function, could encounter an integer overflow on 32-bit architectur |
|            |                         |                        |                       | es, leading to a stack-based buffer overflow and, potentially, arbitra |
|            |                         |                        |                       |                           ry code execution.                           |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2018-11237    |        libc-bin        |    2.24-11+deb9u3     | An AVX-512-optimized implementation of the mempcpy function in the GNU |
|            |                         |                        |                       |  C Library (aka glibc or libc6) 2.27 and earlier may write data beyond |
|            |                         |                        |                       |  the target buffer, leading to a buffer overflow in __mempcpy_avx512_n |
|            |                         |                        |                       |                             o_vzeroupper.                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2017-18269 |         libc6          |    2.24-11+deb9u3     | An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686 |
|            |                         |                        |                       | /multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or  |
|            |                         |                        |                       | libc6) 2.21 through 2.27 does not correctly perform the overlapping me |
|            |                         |                        |                       | mory check if the source memory range spans the middle of the address  |
|            |                         |                        |                       | space, resulting in corrupt data being produced by the copy operation. |
|            |                         |                        |                       |  This may disclose information to context-dependent attackers, or resu |
|            |                         |                        |                       |        lt in a denial of service, or, possibly, code execution.        |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  High CVE-2017-1000408  |         libc6          |    2.24-11+deb9u3     | A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached |
|            |                         |                        |                       |  and amplified through the LD_HWCAP_MASK environment variable. Please  |
|            |                         |                        |                       | note that many versions of glibc are not vulnerable to this issue if p |
|            |                         |                        |                       |                      atched for CVE-2017-1000366.                      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  High CVE-2017-1000409  |         libc6          |    2.24-11+deb9u3     | A buffer overflow in glibc 2.5 (released on September 29, 2006) and ca |
|            |                         |                        |                       | n be triggered through the LD_LIBRARY_PATH environment variable. Pleas |
|            |                         |                        |                       | e note that many versions of glibc are not vulnerable to this issue if |
|            |                         |                        |                       |                      patched for CVE-2017-1000366.                     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2017-16997   |         libc6          |    2.24-11+deb9u3     | elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2 |
|            |                         |                        |                       | .26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged ( |
|            |                         |                        |                       | setuid or AT_SECURE) program, which allows local users to gain privile |
|            |                         |                        |                       | ges via a Trojan horse library in the current working directory, relat |
|            |                         |                        |                       | ed to the fillin_rpath and decompose_rpath functions. This is associat |
|            |                         |                        |                       | ed with misinterpretion of an empty RPATH/RUNPATH token as the "./" di |
|            |                         |                        |                       | rectory. NOTE: this configuration of RPATH/RUNPATH for a privileged pr |
|            |                         |                        |                       | ogram is apparently very uncommon; most likely, no such program is shi |
|            |                         |                        |                       |                pped with any common Linux distribution.                |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2017-15670    |         libc6          |    2.24-11+deb9u3     | The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by- |
|            |                         |                        |                       | one error leading to a heap-based buffer overflow in the glob function |
|            |                         |                        |                       |  in glob.c, related to the processing of home directories using the ~  |
|            |                         |                        |                       |                  operator followed by a long string.                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2017-15671    |         libc6          |    2.24-11+deb9u3     | The glob function in glob.c in the GNU C Library (aka glibc or libc6)  |
|            |                         |                        |                       | before 2.27, when invoked with GLOB_TILDE, could skip freeing allocate |
|            |                         |                        |                       | d memory when processing the ~ operator with a long user name, potenti |
|            |                         |                        |                       |           ally leading to a denial of service (memory leak).           |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2017-15804    |         libc6          |    2.24-11+deb9u3     | The glob function in glob.c in the GNU C Library (aka glibc or libc6)  |
|            |                         |                        |                       | before 2.27 contains a buffer overflow during unescaping of user names |
|            |                         |                        |                       |                          with the ~ operator.                          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2018-11236    |         libc6          |    2.24-11+deb9u3     | stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 a |
|            |                         |                        |                       | nd earlier, when processing very long pathname arguments to the realpa |
|            |                         |                        |                       | th function, could encounter an integer overflow on 32-bit architectur |
|            |                         |                        |                       | es, leading to a stack-based buffer overflow and, potentially, arbitra |
|            |                         |                        |                       |                           ry code execution.                           |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2018-11237    |         libc6          |    2.24-11+deb9u3     | An AVX-512-optimized implementation of the mempcpy function in the GNU |
|            |                         |                        |                       |  C Library (aka glibc or libc6) 2.27 and earlier may write data beyond |
|            |                         |                        |                       |  the target buffer, leading to a buffer overflow in __mempcpy_avx512_n |
|            |                         |                        |                       |                             o_vzeroupper.                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2022-1304    |       libcomerr2       |       1.43.4-2        | An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46. |
|            |                         |                        |                       | 5. This issue leads to a segmentation fault and possibly arbitrary cod |
|            |                         |                        |                       |            e execution via a specially crafted filesystem.             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-5094   |       libcomerr2       |       1.43.4-2        | An exploitable code execution vulnerability exists in the quota file f |
|            |                         |                        |                       | unctionality of E2fsprogs 1.45.3. A specially crafted ext4 partition c |
|            |                         |                        |                       | an cause an out-of-bounds write on the heap, resulting in code executi |
|            |                         |                        |                       | on. An attacker can corrupt a partition to trigger this vulnerability. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-5188   |       libcomerr2       |       1.43.4-2        | A code execution vulnerability exists in the directory rehashing funct |
|            |                         |                        |                       | ionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 director |
|            |                         |                        |                       | y can cause an out-of-bounds write on the stack, resulting in code exe |
|            |                         |                        |                       | cution. An attacker can corrupt a partition to trigger this vulnerabil |
|            |                         |                        |                       |                                  ity.                                  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2017-15400   |        libcups2        |    2.2.1-8+deb9u1     | Insufficient restriction of IPP filters in CUPS in Google Chrome OS pr |
|            |                         |                        |                       | ior to 62.0.3202.74 allowed a remote attacker to execute a command wit |
|            |                         |                        |                       | h the same privileges as the cups daemon via a crafted PPD file, aka a |
|            |                         |                        |                       |                     printer zeroconfig CRLF issue.                     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-4180    |        libcups2        |    2.2.1-8+deb9u1     | In macOS High Sierra before 10.13.5, an issue existed in CUPS. This is |
|            |                         |                        |                       |          sue was addressed with improved access restrictions.          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-6553    |        libcups2        |    2.2.1-8+deb9u1     | The CUPS AppArmor profile incorrectly confined the dnssd backend due t |
|            |                         |                        |                       | o use of hard links. A local attacker could possibly use this issue to |
|            |                         |                        |                       |  escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu |
|            |                         |                        |                       | 2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, pr |
|            |                         |                        |                       | ior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubunt |
|            |                         |                        |                       |                       u1.10 in Ubuntu 14.04 LTS.                       |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-8675    |        libcups2        |    2.2.1-8+deb9u1     | A buffer overflow issue was addressed with improved memory handling. T |
|            |                         |                        |                       | his issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 H |
|            |                         |                        |                       | igh Sierra, Security Update 2019-004 Sierra. An attacker in a privileg |
|            |                         |                        |                       |       ed network position may be able to execute arbitrary code.       |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-8696    |        libcups2        |    2.2.1-8+deb9u1     | A buffer overflow issue was addressed with improved memory handling. T |
|            |                         |                        |                       | his issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 H |
|            |                         |                        |                       | igh Sierra, Security Update 2019-004 Sierra. An attacker in a privileg |
|            |                         |                        |                       |       ed network position may be able to execute arbitrary code.       |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-3898    |        libcups2        |    2.2.1-8+deb9u1     | A memory corruption issue was addressed with improved validation. This |
|            |                         |                        |                       |  issue is fixed in macOS Catalina 10.15.4. An application may be able  |
|            |                         |                        |                       |                      to gain elevated privileges.                      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2017-18248  |        libcups2        |    2.2.1-8+deb9u1     | The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-B |
|            |                         |                        |                       | us support is enabled, can be crashed by remote attackers by sending p |
|            |                         |                        |                       |  rint jobs with an invalid username, related to a D-Bus notification.  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-4181   |        libcups2        |    2.2.1-8+deb9u1     | In macOS High Sierra before 10.13.5, an issue existed in CUPS. This is |
|            |                         |                        |                       |          sue was addressed with improved access restrictions.          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-4300   |        libcups2        |    2.2.1-8+deb9u1     | The session cookie generated by the CUPS web interface was easy to gue |
|            |                         |                        |                       | ss on Linux, allowing unauthorized scripted access to the web interfac |
|            |                         |                        |                       | e when the web interface is enabled. This issue affected versions prio |
|            |                         |                        |                       |                             r to v2.2.10.                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-2180   |        libcups2        |    2.2.1-8+deb9u1     | In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possi |
|            |                         |                        |                       | ble out of bounds read due to improper input validation. This could le |
|            |                         |                        |                       | ad to local information disclosure from the printer service with no ad |
|            |                         |                        |                       | ditional execution privileges needed. User interaction is not needed f |
|            |                         |                        |                       |                            or exploitation.                            |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-2228   |        libcups2        |    2.2.1-8+deb9u1     | In array_find of array.c, there is a possible out-of-bounds read due t |
|            |                         |                        |                       | o an incorrect bounds check. This could lead to local information disc |
|            |                         |                        |                       | losure in the printer spooler with no additional execution privileges  |
|            |                         |                        |                       | needed. User interaction is not needed for exploitation.Product: Andro |
|            |                         |                        |                       | idVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A- |
|            |                         |                        |                       |                               111210196                                |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-10001  |        libcups2        |    2.2.1-8+deb9u1     | An input validation issue was addressed with improved memory handling. |
|            |                         |                        |                       |  This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 C |
|            |                         |                        |                       | atalina, Security Update 2020-007 Mojave. A malicious application may  |
|            |                         |                        |                       |                   be able to read restricted memory.                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2022-26691  |        libcups2        |    2.2.1-8+deb9u1     | A logic issue was addressed with improved state management. This issue |
|            |                         |                        |                       |  is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, m |
|            |                         |                        |                       | acOS Big Sur 11.6.5. An application may be able to gain elevated privi |
|            |                         |                        |                       |                                 leges.                                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2019-8842    |        libcups2        |    2.2.1-8+deb9u1     | A buffer overflow was addressed with improved bounds checking. This is |
|            |                         |                        |                       | sue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojav |
|            |                         |                        |                       | e, and Security Update 2019-007 High Sierra. In certain configurations |
|            |                         |                        |                       |    , a remote attacker may be able to submit arbitrary print jobs.     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2019-8457  |        libdb5.3        |   5.3.28-12+deb9u1    | SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-o |
|            |                         |                        |                       | f-bound read in the rtreenode() function when handling invalid rtree t |
|            |                         |                        |                       |                                 ables.                                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-12749   |      libdbus-1-3       |   1.10.26-0+deb9u1    | dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, |
|            |                         |                        |                       |  as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in so |
|            |                         |                        |                       | me, less common, uses of dbus-daemon), allows cookie spoofing because  |
|            |                         |                        |                       | of symlink mishandling in the reference implementation of DBUS_COOKIE_ |
|            |                         |                        |                       | SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 a |
|            |                         |                        |                       | uthentication mechanism.) A malicious client with write access to its  |
|            |                         |                        |                       | own home directory could manipulate a ~/.dbus-keyrings symlink to caus |
|            |                         |                        |                       | e a DBusServer with a different uid to read and write in unintended lo |
|            |                         |                        |                       | cations. In the worst case, this could result in the DBusServer reusin |
|            |                         |                        |                       | g a cookie that is known to the malicious client, and treating that co |
|            |                         |                        |                       | okie as evidence that a subsequent client connection came from an atta |
|            |                         |                        |                       |            cker-chosen uid, allowing authentication bypass.            |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-35512   |      libdbus-1-3       |   1.10.26-0+deb9u1    | A use-after-free flaw was found in D-Bus Development branch <= 1.13.16 |
|            |                         |                        |                       | , dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older bran |
|            |                         |                        |                       | ches <= 1.10.30 when a system has multiple usernames sharing the same  |
|            |                         |                        |                       | UID. When a set of policy rules references these usernames, D-Bus may  |
|            |                         |                        |                       | free some memory in the heap, which is still used by data structures n |
|            |                         |                        |                       | ecessary for the other usernames sharing the UID, possibly leading to  |
|            |                         |                        |                       |                  a crash or other undefined behaviors                  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-12049  |      libdbus-1-3       |   1.10.26-0+deb9u1    | An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServe |
|            |                         |                        |                       | r in libdbus, as used in dbus-daemon, leaks file descriptors when a me |
|            |                         |                        |                       | ssage exceeds the per-message file descriptor limit. A local attacker  |
|            |                         |                        |                       | with access to the D-Bus system bus or another system service's privat |
|            |                         |                        |                       | e AF_UNIX socket could use this to make the system service reach its f |
|            |                         |                        |                       |   ile descriptor limit, denying service to subsequent D-Bus clients.   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2022-22822 |       libexpat1        |    2.2.0-2+deb9u1     | addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an i |
|            |                         |                        |                       |                            nteger overflow.                            |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2022-22823 |       libexpat1        |    2.2.0-2+deb9u1     | build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an  |
|            |                         |                        |                       |                           integer overflow.                            |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2022-22824 |       libexpat1        |    2.2.0-2+deb9u1     | defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has |
|            |                         |                        |                       |                          an integer overflow.                          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2022-23852 |       libexpat1        |    2.2.0-2+deb9u1     | Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML |
|            |                         |                        |                       |    _GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2022-25235 |       libexpat1        |    2.2.0-2+deb9u1     | xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain valid |
|            |                         |                        |                       | ation of encoding, such as checks for whether a UTF-8 character is val |
|            |                         |                        |                       |                        id in a certain context.                        |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2022-25236 |       libexpat1        |    2.2.0-2+deb9u1     | xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to in |
|            |                         |                        |                       |        sert namespace-separator characters into namespace URIs.        |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2022-25315 |       libexpat1        |    2.2.0-2+deb9u1     | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in  |
|            |                         |                        |                       |                             storeRawNames.                             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-20843   |       libexpat1        |    2.2.0-2+deb9u1     | In libexpat in Expat before 2.2.7, XML input including XML names that  |
|            |                         |                        |                       | contain a large number of colons could make the XML parser consume a h |
|            |                         |                        |                       | igh amount of RAM and CPU resources while processing (enough to be usa |
|            |                         |                        |                       |                  ble for denial-of-service attacks).                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-15903   |       libexpat1        |    2.2.0-2+deb9u1     | In libexpat before 2.2.8, crafted XML input could fool the parser into |
|            |                         |                        |                       |  changing from DTD parsing to document parsing too early; a consecutiv |
|            |                         |                        |                       | e call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) the |
|            |                         |                        |                       |              n resulted in a heap-based buffer over-read.              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2021-45960   |       libexpat1        |    2.2.0-2+deb9u1     | In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) pla |
|            |                         |                        |                       | ces in the storeAtts function in xmlparse.c can lead to realloc misbeh |
|            |                         |                        |                       |    avior (e.g., allocating too few bytes, or only freeing memory).     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2021-46143   |       libexpat1        |    2.2.0-2+deb9u1     | In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an int |
|            |                         |                        |                       |                 eger overflow exists for m_groupSize.                  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2022-22825   |       libexpat1        |    2.2.0-2+deb9u1     | lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integ |
|            |                         |                        |                       |                              er overflow.                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2022-22826   |       libexpat1        |    2.2.0-2+deb9u1     | nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 ha |
|            |                         |                        |                       |                         s an integer overflow.                         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2022-22827   |       libexpat1        |    2.2.0-2+deb9u1     | storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an in |
|            |                         |                        |                       |                            teger overflow.                             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2022-23990   |       libexpat1        |    2.2.0-2+deb9u1     | Expat (aka libexpat) before 2.4.4 has an integer overflow in the doPro |
|            |                         |                        |                       |                             log function.                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2022-25313  |       libexpat1        |    2.2.0-2+deb9u1     | In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack ex |
|            |                         |                        |                       | haustion in build_model via a large nesting depth in the DTD element.  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2016-2779    |       libfdisk1        |    2.29.2-1+deb9u1    | runuser in util-linux allows local users to escape to the parent sessi |
|            |                         |                        |                       | on via a crafted TIOCSTI ioctl call, which pushes characters to the te |
|            |                         |                        |                       |                         rminal's input buffer.                         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2021-37600    |       libfdisk1        |    2.29.2-1+deb9u1    | An integer overflow in util-linux through 2.37.1 can potentially cause |
|            |                         |                        |                       |  a buffer overflow if an attacker were able to use system resources in |
|            |                         |                        |                       |  a way that leads to a large number in the /proc/sysvipc/sem file. NOT |
|            |                         |                        |                       | E: this is unexploitable in GNU C Library environments, and possibly i |
|            |                         |                        |                       |                     n all realistic environments.                      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2022-27404 |      libfreetype6      |       2.6.3-3.2       | FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovere |
|            |                         |                        |                       |  d to contain a heap buffer overflow via the function sfnt_init_face.  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2022-27405   |      libfreetype6      |       2.6.3-3.2       | FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovere |
|            |                         |                        |                       | d to contain a segmentation violation via the function FNT_Size_Reques |
|            |                         |                        |                       |                                   t.                                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2022-27406   |      libfreetype6      |       2.6.3-3.2       | FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovere |
|            |                         |                        |                       | d to contain a segmentation violation via the function FT_Request_Size |
|            |                         |                        |                       |                                   .                                    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-15999  |      libfreetype6      |       2.6.3-3.2       | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.1 |
|            |                         |                        |                       | 11 allowed a remote attacker to potentially exploit heap corruption vi |
|            |                         |                        |                       |                         a a crafted HTML page.                         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-12886   |        libgcc1         |   1:6.3.0-18+deb9u1   | stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in fu |
|            |                         |                        |                       | nction.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain |
|            |                         |                        |                       |  circumstances) generate instruction sequences when targeting ARM targ |
|            |                         |                        |                       | ets that spill the address of the stack protector guard, which allows  |
|            |                         |                        |                       | an attacker to bypass the protection of -fstack-protector, -fstack-pro |
|            |                         |                        |                       | tector-all, -fstack-protector-strong, and -fstack-protector-explicit a |
|            |                         |                        |                       | gainst stack overflow by controlling what the stack canary is compared |
|            |                         |                        |                       |                                against.                                |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2021-33560   |      libgcrypt20       |    1.7.6-2+deb9u2     | Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encry |
|            |                         |                        |                       | ption because it lacks exponent blinding to address a side-channel att |
|            |                         |                        |                       | ack against mpi_powm, and the window size is not chosen appropriately. |
|            |                         |                        |                       |          This, for example, affects use of ElGamal in OpenPGP.         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-0495   |      libgcrypt20       |    1.7.6-2+deb9u2     | Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache s |
|            |                         |                        |                       | ide-channel attack on ECDSA signatures that can be mitigated through t |
|            |                         |                        |                       | he use of blinding during the signing process in the _gcry_ecc_ecdsa_s |
|            |                         |                        |                       | ign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Numbe |
|            |                         |                        |                       | r Problem or ROHNP. To discover an ECDSA key, the attacker needs acces |
|            |                         |                        |                       | s to either the local machine or a different virtual machine on the sa |
|            |                         |                        |                       |                           me physical host.                            |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-13627  |      libgcrypt20       |    1.7.6-2+deb9u2     | It was discovered that there was a ECDSA timing attack in the libgcryp |
|            |                         |                        |                       | t20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3,  |
|            |                         |                        |                       |    and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-40528  |      libgcrypt20       |    1.7.6-2+deb9u2     | The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext  |
|            |                         |                        |                       | recovery because, during interaction between two cryptographic librari |
|            |                         |                        |                       | es, a certain dangerous combination of the prime defined by the receiv |
|            |                         |                        |                       | er's public key, the generator defined by the receiver's public key, a |
|            |                         |                        |                       | nd the sender's ephemeral exponents can lead to a cross-configuration  |
|            |                         |                        |                       |                        attack against OpenPGP.                         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2021-43618   |        libgmp10        |    2:6.1.2+dfsg-1     | GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an m |
|            |                         |                        |                       | pz/inp_raw.c integer overflow and resultant buffer overflow via crafte |
|            |                         |                        |                       |     d input, leading to a segmentation fault on 32-bit platforms.      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-3829    |      libgnutls30       |    3.5.8-5+deb9u3     | A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7.  |
|            |                         |                        |                       | A memory corruption (double free) vulnerability in the certificate ver |
|            |                         |                        |                       | ification API. Any client or server application that verifies X.509 ce |
|            |                         |                        |                       |           rtificates with GnuTLS 3.5.8 or later is affected.           |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-10844  |      libgnutls30       |    3.5.8-5+deb9u3     | It was found that the GnuTLS implementation of HMAC-SHA-256 was vulner |
|            |                         |                        |                       | able to a Lucky thirteen style attack. Remote attackers could use this |
|            |                         |                        |                       |  flaw to conduct distinguishing attacks and plaintext-recovery attacks |
|            |                         |                        |                       |     via statistical analysis of timing data using crafted packets.     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-10845  |      libgnutls30       |    3.5.8-5+deb9u3     | It was found that the GnuTLS implementation of HMAC-SHA-384 was vulner |
|            |                         |                        |                       | able to a Lucky thirteen style attack. Remote attackers could use this |
|            |                         |                        |                       |  flaw to conduct distinguishing attacks and plain text recovery attack |
|            |                         |                        |                       |    s via statistical analysis of timing data using crafted packets.    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-10846  |      libgnutls30       |    3.5.8-5+deb9u3     | A cache-based side channel in GnuTLS implementation that leads to plai |
|            |                         |                        |                       | n text recovery in cross-VM attack setting was found. An attacker coul |
|            |                         |                        |                       | d use a combination of "Just in Time" Prime+probe attack in combinatio |
|            |                         |                        |                       |  n with Lucky-13 attack to recover plain text using crafted packets.   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-16868  |      libgnutls30       |    3.5.8-5+deb9u3     | A Bleichenbacher type side-channel based padding oracle attack was fou |
|            |                         |                        |                       | nd in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 |
|            |                         |                        |                       |  data. An attacker who is able to run process on the same physical cor |
|            |                         |                        |                       | e as the victim process, could use this to extract plaintext or in som |
|            |                         |                        |                       |     e cases downgrade any TLS connections to a vulnerable server.      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-4209   |      libgnutls30       |    3.5.8-5+deb9u3     | A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash  |
|            |                         |                        |                       | update functions internally call memcpy, providing zero-length input m |
|            |                         |                        |                       | ay cause undefined behavior. This flaw leads to a denial of service af |
|            |                         |                        |                       |               ter authentication in rare circumstances.                |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Unknown DLA-2759-1    |      libgnutls30       |    3.5.8-5+deb9u3     |                               DLA-2759-1                               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-28196   |    libgssapi-krb5-2    |     1.15-1+deb9u1     | MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allow |
|            |                         |                        |                       | s unbounded recursion via an ASN.1-encoded Kerberos message because th |
|            |                         |                        |                       | e lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lack |
|            |                         |                        |                       |                          s a recursion limit.                          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-20217  |    libgssapi-krb5-2    |     1.15-1+deb9u1     | A Reachable Assertion issue was discovered in the KDC in MIT Kerberos  |
|            |                         |                        |                       | 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket us |
|            |                         |                        |                       | ing an older encryption type (single-DES, triple-DES, or RC4), the att |
|            |                         |                        |                       |         acker can crash the KDC by making an S4U2Self request.         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-5710   |    libgssapi-krb5-2    |     1.15-1+deb9u1     | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The |
|            |                         |                        |                       |  pre-defined function "strlen" is getting a "NULL" string as a paramet |
|            |                         |                        |                       | er value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key  |
|            |                         |                        |                       | Distribution Center (KDC), which allows remote authenticated users to  |
|            |                         |                        |                       | cause a denial of service (NULL pointer dereference) via a modified ka |
|            |                         |                        |                       |                              dmin client.                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-5729   |    libgssapi-krb5-2    |     1.15-1+deb9u1     | MIT krb5 1.6 or later allows an authenticated kadmin with permission t |
|            |                         |                        |                       | o add principals to an LDAP Kerberos database to cause a denial of ser |
|            |                         |                        |                       | vice (NULL pointer dereference) or bypass a DN container check by supp |
|            |                         |                        |                       |       lying tagged data that is internal to the database module.       |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-37750  |    libgssapi-krb5-2    |     1.15-1+deb9u1     | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before  |
|            |                         |                        |                       | 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/ |
|            |                         |                        |                       |     do_tgs_req.c via a FAST inner body that lacks a server field.      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2017-11462    |    libgssapi-krb5-2    |     1.15-1+deb9u1     | Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attacker |
|            |                         |                        |                       | s to have unspecified impact via vectors involving automatic deletion  |
|            |                         |                        |                       |                     of security contexts on error.                     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2018-5730    |    libgssapi-krb5-2    |     1.15-1+deb9u1     | MIT krb5 1.6 or later allows an authenticated kadmin with permission t |
|            |                         |                        |                       | o add principals to an LDAP Kerberos database to circumvent a DN conta |
|            |                         |                        |                       | inership check by supplying both a "linkdn" and "containerdn" database |
|            |                         |                        |                       |  argument, or by supplying a DN string which is a left extension of a  |
|            |                         |                        |                       | container DN string but is not hierarchically within the container DN. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2021-20305   |      libhogweed4       |       3.3-1+b2        | A flaw was found in Nettle in versions before 3.7.2, where several Net |
|            |                         |                        |                       | tle signature verification functions (GOST DSA, EDDSA & ECDSA) result  |
|            |                         |                        |                       | in the Elliptic Curve Cryptography point (ECC) multiply function being |
|            |                         |                        |                       |  called with out-of-range scalers, possibly resulting in incorrect res |
|            |                         |                        |                       | ults. This flaw allows an attacker to force an invalid signature, caus |
|            |                         |                        |                       | ing an assertion failure or possible validation. The highest threat to |
|            |                         |                        |                       |  this vulnerability is to confidentiality, integrity, as well as syste |
|            |                         |                        |                       |                            m availability.                             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2021-3580    |      libhogweed4       |       3.3-1+b2        | A flaw was found in the way nettle's RSA decryption functions handled  |
|            |                         |                        |                       | specially crafted ciphertext. An attacker could use this flaw to provi |
|            |                         |                        |                       | de a manipulated ciphertext leading to application crash and denial of |
|            |                         |                        |                       |                                service.                                |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-16869  |      libhogweed4       |       3.3-1+b2        | A Bleichenbacher type side-channel based padding oracle attack was fou |
|            |                         |                        |                       | nd in the way nettle handles endian conversion of RSA decrypted PKCS#1 |
|            |                         |                        |                       |  v1.5 data. An attacker who is able to run a process on the same physi |
|            |                         |                        |                       | cal core as the victim process, could use this flaw extract plaintext  |
|            |                         |                        |                       | or in some cases downgrade any TLS connections to a vulnerable server. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2017-14062 |        libidn11        |        1.33-1         | Integer overflow in the decode_digit function in puny_decode.c in Libi |
|            |                         |                        |                       | dn2 before 2.0.4 allows remote attackers to cause a denial of service  |
|            |                         |                        |                       |               or possibly have unspecified other impact.               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-2201    |    libjpeg62-turbo     |       1:1.5.1-2       | In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is |
|            |                         |                        |                       |  a possible out of bounds write due to a missing bounds check. This co |
|            |                         |                        |                       | uld lead to remote code execution in an unprivileged process with no a |
|            |                         |                        |                       | dditional execution privileges needed. User interaction is needed for  |
|            |                         |                        |                       | exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android |
|            |                         |                        |                       |                  -9 Android-10Android ID: A-120551338                  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-13790   |    libjpeg62-turbo     |       1:1.5.1-2       | libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-r |
|            |                         |                        |                       |    ead in get_rgb_row() in rdppm.c via a malformed PPM input file.     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-14152   |    libjpeg62-turbo     |       1:1.5.1-2       | In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs. |
|            |                         |                        |                       | c in djpeg does not honor the max_memory_to_use setting, possibly caus |
|            |                         |                        |                       |                   ing excessive memory consumption.                    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-1152   |    libjpeg62-turbo     |       1:1.5.1-2       | libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerabilit |
|            |                         |                        |                       |   y caused by a divide by zero when processing a crafted BMP image.    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-14498  |    libjpeg62-turbo     |       1:1.5.1-2       | get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG th |
|            |                         |                        |                       | rough 3.3.1 allows attackers to cause a denial of service (heap-based  |
|            |                         |                        |                       | buffer over-read and application crash) via a crafted 8-bit BMP in whi |
|            |                         |                        |                       | ch one or more of the color indices is out of range for the number of  |
|            |                         |                        |                       |                            palette entries.                            |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-28196   |      libk5crypto3      |     1.15-1+deb9u1     | MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allow |
|            |                         |                        |                       | s unbounded recursion via an ASN.1-encoded Kerberos message because th |
|            |                         |                        |                       | e lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lack |
|            |                         |                        |                       |                          s a recursion limit.                          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-20217  |      libk5crypto3      |     1.15-1+deb9u1     | A Reachable Assertion issue was discovered in the KDC in MIT Kerberos  |
|            |                         |                        |                       | 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket us |
|            |                         |                        |                       | ing an older encryption type (single-DES, triple-DES, or RC4), the att |
|            |                         |                        |                       |         acker can crash the KDC by making an S4U2Self request.         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-5710   |      libk5crypto3      |     1.15-1+deb9u1     | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The |
|            |                         |                        |                       |  pre-defined function "strlen" is getting a "NULL" string as a paramet |
|            |                         |                        |                       | er value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key  |
|            |                         |                        |                       | Distribution Center (KDC), which allows remote authenticated users to  |
|            |                         |                        |                       | cause a denial of service (NULL pointer dereference) via a modified ka |
|            |                         |                        |                       |                              dmin client.                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-5729   |      libk5crypto3      |     1.15-1+deb9u1     | MIT krb5 1.6 or later allows an authenticated kadmin with permission t |
|            |                         |                        |                       | o add principals to an LDAP Kerberos database to cause a denial of ser |
|            |                         |                        |                       | vice (NULL pointer dereference) or bypass a DN container check by supp |
|            |                         |                        |                       |       lying tagged data that is internal to the database module.       |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-37750  |      libk5crypto3      |     1.15-1+deb9u1     | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before  |
|            |                         |                        |                       | 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/ |
|            |                         |                        |                       |     do_tgs_req.c via a FAST inner body that lacks a server field.      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2017-11462    |      libk5crypto3      |     1.15-1+deb9u1     | Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attacker |
|            |                         |                        |                       | s to have unspecified impact via vectors involving automatic deletion  |
|            |                         |                        |                       |                     of security contexts on error.                     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2018-5730    |      libk5crypto3      |     1.15-1+deb9u1     | MIT krb5 1.6 or later allows an authenticated kadmin with permission t |
|            |                         |                        |                       | o add principals to an LDAP Kerberos database to circumvent a DN conta |
|            |                         |                        |                       | inership check by supplying both a "linkdn" and "containerdn" database |
|            |                         |                        |                       |  argument, or by supplying a DN string which is a left extension of a  |
|            |                         |                        |                       | container DN string but is not hierarchically within the container DN. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-28196   |       libkrb5-3        |     1.15-1+deb9u1     | MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allow |
|            |                         |                        |                       | s unbounded recursion via an ASN.1-encoded Kerberos message because th |
|            |                         |                        |                       | e lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lack |
|            |                         |                        |                       |                          s a recursion limit.                          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-20217  |       libkrb5-3        |     1.15-1+deb9u1     | A Reachable Assertion issue was discovered in the KDC in MIT Kerberos  |
|            |                         |                        |                       | 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket us |
|            |                         |                        |                       | ing an older encryption type (single-DES, triple-DES, or RC4), the att |
|            |                         |                        |                       |         acker can crash the KDC by making an S4U2Self request.         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-5710   |       libkrb5-3        |     1.15-1+deb9u1     | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The |
|            |                         |                        |                       |  pre-defined function "strlen" is getting a "NULL" string as a paramet |
|            |                         |                        |                       | er value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key  |
|            |                         |                        |                       | Distribution Center (KDC), which allows remote authenticated users to  |
|            |                         |                        |                       | cause a denial of service (NULL pointer dereference) via a modified ka |
|            |                         |                        |                       |                              dmin client.                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-5729   |       libkrb5-3        |     1.15-1+deb9u1     | MIT krb5 1.6 or later allows an authenticated kadmin with permission t |
|            |                         |                        |                       | o add principals to an LDAP Kerberos database to cause a denial of ser |
|            |                         |                        |                       | vice (NULL pointer dereference) or bypass a DN container check by supp |
|            |                         |                        |                       |       lying tagged data that is internal to the database module.       |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-37750  |       libkrb5-3        |     1.15-1+deb9u1     | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before  |
|            |                         |                        |                       | 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/ |
|            |                         |                        |                       |     do_tgs_req.c via a FAST inner body that lacks a server field.      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2017-11462    |       libkrb5-3        |     1.15-1+deb9u1     | Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attacker |
|            |                         |                        |                       | s to have unspecified impact via vectors involving automatic deletion  |
|            |                         |                        |                       |                     of security contexts on error.                     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2018-5730    |       libkrb5-3        |     1.15-1+deb9u1     | MIT krb5 1.6 or later allows an authenticated kadmin with permission t |
|            |                         |                        |                       | o add principals to an LDAP Kerberos database to circumvent a DN conta |
|            |                         |                        |                       | inership check by supplying both a "linkdn" and "containerdn" database |
|            |                         |                        |                       |  argument, or by supplying a DN string which is a left extension of a  |
|            |                         |                        |                       | container DN string but is not hierarchically within the container DN. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-28196   |    libkrb5support0     |     1.15-1+deb9u1     | MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allow |
|            |                         |                        |                       | s unbounded recursion via an ASN.1-encoded Kerberos message because th |
|            |                         |                        |                       | e lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lack |
|            |                         |                        |                       |                          s a recursion limit.                          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-20217  |    libkrb5support0     |     1.15-1+deb9u1     | A Reachable Assertion issue was discovered in the KDC in MIT Kerberos  |
|            |                         |                        |                       | 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket us |
|            |                         |                        |                       | ing an older encryption type (single-DES, triple-DES, or RC4), the att |
|            |                         |                        |                       |         acker can crash the KDC by making an S4U2Self request.         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-5710   |    libkrb5support0     |     1.15-1+deb9u1     | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The |
|            |                         |                        |                       |  pre-defined function "strlen" is getting a "NULL" string as a paramet |
|            |                         |                        |                       | er value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key  |
|            |                         |                        |                       | Distribution Center (KDC), which allows remote authenticated users to  |
|            |                         |                        |                       | cause a denial of service (NULL pointer dereference) via a modified ka |
|            |                         |                        |                       |                              dmin client.                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-5729   |    libkrb5support0     |     1.15-1+deb9u1     | MIT krb5 1.6 or later allows an authenticated kadmin with permission t |
|            |                         |                        |                       | o add principals to an LDAP Kerberos database to cause a denial of ser |
|            |                         |                        |                       | vice (NULL pointer dereference) or bypass a DN container check by supp |
|            |                         |                        |                       |       lying tagged data that is internal to the database module.       |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-37750  |    libkrb5support0     |     1.15-1+deb9u1     | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before  |
|            |                         |                        |                       | 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/ |
|            |                         |                        |                       |     do_tgs_req.c via a FAST inner body that lacks a server field.      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2017-11462    |    libkrb5support0     |     1.15-1+deb9u1     | Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attacker |
|            |                         |                        |                       | s to have unspecified impact via vectors involving automatic deletion  |
|            |                         |                        |                       |                     of security contexts on error.                     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2018-5730    |    libkrb5support0     |     1.15-1+deb9u1     | MIT krb5 1.6 or later allows an authenticated kadmin with permission t |
|            |                         |                        |                       | o add principals to an LDAP Kerberos database to circumvent a DN conta |
|            |                         |                        |                       | inership check by supplying both a "linkdn" and "containerdn" database |
|            |                         |                        |                       |  argument, or by supplying a DN string which is a left extension of a  |
|            |                         |                        |                       | container DN string but is not hierarchically within the container DN. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-16435  |       liblcms2-2       |         2.8-4         | Little CMS (aka Little Color Management System) 2.9 has an integer ove |
|            |                         |                        |                       | rflow in the AllocateDataSet function in cmscgats.c, leading to a heap |
|            |                         |                        |                       | -based buffer overflow in the SetData function via a crafted file in t |
|            |                         |                        |                       |               he second argument to cmsIT8LoadFromFile.                |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2021-3520  |        liblz4-1        |     0.0~r131-2+b1     | There's a flaw in lz4. An attacker who submits a crafted file to an ap |
|            |                         |                        |                       | plication linked with lz4 may be able to trigger an integer overflow,  |
|            |                         |                        |                       | leading to calling of memmove() on a negative size argument, causing a |
|            |                         |                        |                       | n out-of-bounds write and/or a crash. The greatest impact of this flaw |
|            |                         |                        |                       |  is to availability, with some potential impact to confidentiality and |
|            |                         |                        |                       |                           integrity as well.                           |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2019-17543    |        liblz4-1        |     0.0~r131-2+b1     | LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (rela |
|            |                         |                        |                       | ted to LZ4_compress_destSize), affecting applications that call LZ4_co |
|            |                         |                        |                       | mpress_fast with a large input. (This issue can also lead to data corr |
|            |                         |                        |                       | uption.) NOTE: the vendor states "only a few specific / uncommon usage |
|            |                         |                        |                       |                       s of the API are at risk."                       |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2022-1271    |        liblzma5        |     5.2.2-1.2+b1      | An arbitrary file write vulnerability was found in GNU gzip's zgrep ut |
|            |                         |                        |                       | ility. When zgrep is applied on the attacker's chosen file name (for e |
|            |                         |                        |                       | xample, a crafted file name), this can overwrite an attacker's content |
|            |                         |                        |                       |  to an arbitrary attacker-selected file. This flaw occurs due to insuf |
|            |                         |                        |                       | ficient validation when processing filenames with two or more newlines |
|            |                         |                        |                       |  where selected content and the target file names are embedded in craf |
|            |                         |                        |                       | ted multi-line file names. This flaw allows a remote, low privileged a |
|            |                         |                        |                       |     ttacker to force zgrep to write arbitrary files on the system.     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2016-2779    |       libmount1        |    2.29.2-1+deb9u1    | runuser in util-linux allows local users to escape to the parent sessi |
|            |                         |                        |                       | on via a crafted TIOCSTI ioctl call, which pushes characters to the te |
|            |                         |                        |                       |                         rminal's input buffer.                         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2021-37600    |       libmount1        |    2.29.2-1+deb9u1    | An integer overflow in util-linux through 2.37.1 can potentially cause |
|            |                         |                        |                       |  a buffer overflow if an attacker were able to use system resources in |
|            |                         |                        |                       |  a way that leads to a large number in the /proc/sysvipc/sem file. NOT |
|            |                         |                        |                       | E: this is unexploitable in GNU C Library environments, and possibly i |
|            |                         |                        |                       |                     n all realistic environments.                      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2022-29458   |      libncursesw5      | 6.0+20161126-1+deb9u2 | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmen |
|            |                         |                        |                       | tation violation in convert_strings in tinfo/read_entry.c in the termi |
|            |                         |                        |                       |                              nfo library.                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2018-19211    |      libncursesw5      | 6.0+20161126-1+deb9u2 | In ncurses 6.1, there is a NULL pointer dereference at function _nc_pa |
|            |                         |                        |                       | rse_entry in parse_entry.c that will lead to a denial of service attac |
|            |                         |                        |                       | k. The product proceeds to the dereference code path even after a "dub |
|            |                         |                        |                       |         ious character `*' in name or alias field" detection.          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2019-17594    |      libncursesw5      | 6.0+20161126-1+deb9u2 | There is a heap-based buffer over-read in the _nc_find_entry function  |
|            |                         |                        |                       | in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-201 |
|            |                         |                        |                       |                                 91012.                                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2019-17595    |      libncursesw5      | 6.0+20161126-1+deb9u2 | There is a heap-based buffer over-read in the fmt_entry function in ti |
|            |                         |                        |                       | nfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012 |
|            |                         |                        |                       |                                   .                                    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2021-20305   |       libnettle6       |       3.3-1+b2        | A flaw was found in Nettle in versions before 3.7.2, where several Net |
|            |                         |                        |                       | tle signature verification functions (GOST DSA, EDDSA & ECDSA) result  |
|            |                         |                        |                       | in the Elliptic Curve Cryptography point (ECC) multiply function being |
|            |                         |                        |                       |  called with out-of-range scalers, possibly resulting in incorrect res |
|            |                         |                        |                       | ults. This flaw allows an attacker to force an invalid signature, caus |
|            |                         |                        |                       | ing an assertion failure or possible validation. The highest threat to |
|            |                         |                        |                       |  this vulnerability is to confidentiality, integrity, as well as syste |
|            |                         |                        |                       |                            m availability.                             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2021-3580    |       libnettle6       |       3.3-1+b2        | A flaw was found in the way nettle's RSA decryption functions handled  |
|            |                         |                        |                       | specially crafted ciphertext. An attacker could use this flaw to provi |
|            |                         |                        |                       | de a manipulated ciphertext leading to application crash and denial of |
|            |                         |                        |                       |                                service.                                |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-16869  |       libnettle6       |       3.3-1+b2        | A Bleichenbacher type side-channel based padding oracle attack was fou |
|            |                         |                        |                       | nd in the way nettle handles endian conversion of RSA decrypted PKCS#1 |
|            |                         |                        |                       |  v1.5 data. An attacker who is able to run a process on the same physi |
|            |                         |                        |                       | cal core as the victim process, could use this flaw extract plaintext  |
|            |                         |                        |                       | or in some cases downgrade any TLS connections to a vulnerable server. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2019-17006 |        libnss3         |  2:3.26.2-1.1+deb9u1  | In Network Security Services (NSS) before 3.46, several cryptographic  |
|            |                         |                        |                       | primitives had missing length checks. In cases where the application c |
|            |                         |                        |                       | alling the library did not perform a sanity check on the inputs it cou |
|            |                         |                        |                       |             ld result in a crash due to a buffer overflow.             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2020-12403 |        libnss3         |  2:3.26.2-1.1+deb9u1  | A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS i |
|            |                         |                        |                       | n versions before 3.55. When using multi-part Chacha20, it could cause |
|            |                         |                        |                       |  out-of-bounds reads. This issue was fixed by explicitly disabling mul |
|            |                         |                        |                       | ti-part ChaCha20 (which was not functioning correctly) and strictly en |
|            |                         |                        |                       | forcing tag length. The highest threat from this vulnerability is to c |
|            |                         |                        |                       |                onfidentiality and system availability.                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2021-43527 |        libnss3         |  2:3.26.2-1.1+deb9u1  | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR a |
|            |                         |                        |                       | re vulnerable to a heap overflow when handling DER-encoded DSA or RSA- |
|            |                         |                        |                       | PSS signatures. Applications using NSS for handling signatures encoded |
|            |                         |                        |                       |  within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. |
|            |                         |                        |                       |  Applications using NSS for certificate validation or other TLS, X.509 |
|            |                         |                        |                       | , OCSP or CRL functionality may be impacted, depending on how they con |
|            |                         |                        |                       | figure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox. |
|            |                         |                        |                       | * However, email clients and PDF viewers that use NSS for signature ve |
|            |                         |                        |                       | rification, such as Thunderbird, LibreOffice, Evolution and Evince are |
|            |                         |                        |                       |  believed to be impacted. This vulnerability affects NSS < 3.73 and NS |
|            |                         |                        |                       |                              S < 3.68.1.                               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-11719   |        libnss3         |  2:3.26.2-1.1+deb9u1  | When importing a curve25519 private key in PKCS#8format with leading 0 |
|            |                         |                        |                       | x00 bytes, it is possible to trigger an out-of-bounds read in the Netw |
|            |                         |                        |                       | ork Security Services (NSS) library. This could lead to information di |
|            |                         |                        |                       | sclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, |
|            |                         |                        |                       |                         and Thunderbird < 60.8.                        |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-11729   |        libnss3         |  2:3.26.2-1.1+deb9u1  | Empty or malformed p256-ECDH public keys may trigger a segmentation fa |
|            |                         |                        |                       | ult due values being improperly sanitized before being copied into mem |
|            |                         |                        |                       | ory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < |
|            |                         |                        |                       |                       68, and Thunderbird < 60.8.                      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-11745   |        libnss3         |  2:3.26.2-1.1+deb9u1  | When encrypting with a block cipher, if a call to NSC_EncryptUpdate wa |
|            |                         |                        |                       | s made with data smaller than the block size, a small out of bounds wr |
|            |                         |                        |                       | ite could occur. This could have caused heap corruption and a potentia |
|            |                         |                        |                       | lly exploitable crash. This vulnerability affects Thunderbird < 68.3,  |
|            |                         |                        |                       |                 Firefox ESR < 68.3, and Firefox < 71.                  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-17007   |        libnss3         |  2:3.26.2-1.1+deb9u1  | In Network Security Services before 3.44, a malformed Netscape Certifi |
|            |                         |                        |                       | cate Sequence can cause NSS to crash, resulting in a denial of service |
|            |                         |                        |                       |                                   .                                    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-25648   |        libnss3         |  2:3.26.2-1.1+deb9u1  | A flaw was found in the way NSS handled CCS (ChangeCipherSpec) message |
|            |                         |                        |                       | s in TLS 1.3. This flaw allows a remote attacker to send multiple CCS  |
|            |                         |                        |                       | messages, causing a denial of service for servers compiled with the NS |
|            |                         |                        |                       | S library. The highest threat from this vulnerability is to system ava |
|            |                         |                        |                       |         ilability. This flaw affects NSS versions before 3.58.         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-12404  |        libnss3         |  2:3.26.2-1.1+deb9u1  | A cached side channel attack during handshakes using RSA encryption co |
|            |                         |                        |                       | uld allow for the decryption of encrypted content. This is a variant o |
|            |                         |                        |                       | f the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) an |
|            |                         |                        |                       |             d affects all NSS versions prior to NSS 3.41.              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-18508  |        libnss3         |  2:3.26.2-1.1+deb9u1  | In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a  |
|            |                         |                        |                       | malformed signature can cause a crash due to a null dereference, resul |
|            |                         |                        |                       |                      ting in a Denial of Service.                      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-11727  |        libnss3         |  2:3.26.2-1.1+deb9u1  | A vulnerability exists where it possible to force Network Security Ser |
|            |                         |                        |                       | vices (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when |
|            |                         |                        |                       |  those are the only ones advertised by server in CertificateRequest in |
|            |                         |                        |                       |  TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messag |
|            |                         |                        |                       |              es. This vulnerability affects Firefox < 68.              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-12399  |        libnss3         |  2:3.26.2-1.1+deb9u1  | NSS has shown timing differences when performing DSA signatures, which |
|            |                         |                        |                       |  was exploitable and could eventually leak private keys. This vulnerab |
|            |                         |                        |                       | ility affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68 |
|            |                         |                        |                       |                                  .9.                                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-12400  |        libnss3         |  2:3.26.2-1.1+deb9u1  | When converting coordinates from projective to affine, the modular inv |
|            |                         |                        |                       | ersion was not performed in constant time, resulting in a possible tim |
|            |                         |                        |                       | ing-based side channel attack. This vulnerability affects Firefox < 80 |
|            |                         |                        |                       |                      and Firefox for Android < 80.                     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-12401  |        libnss3         |  2:3.26.2-1.1+deb9u1  | During ECDSA signature generation, padding applied in the nonce design |
|            |                         |                        |                       | ed to ensure constant-time scalar multiplication was removed, resultin |
|            |                         |                        |                       | g in variable-time execution dependent on secret data. This vulnerabil |
|            |                         |                        |                       |         ity affects Firefox < 80 and Firefox for Android < 80.         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-12402  |        libnss3         |  2:3.26.2-1.1+deb9u1  | During RSA key generation, bignum implementations used a variation of  |
|            |                         |                        |                       | the Binary Extended Euclidean Algorithm which entailed significantly i |
|            |                         |                        |                       | nput-dependent flow. This allowed an attacker able to perform electrom |
|            |                         |                        |                       | agnetic-based side channel attacks to record traces leading to the rec |
|            |                         |                        |                       | overy of the secret primes. *Note:* An unmodified Firefox browser does |
|            |                         |                        |                       |  not generate RSA keys in normal operation and is not affected, but pr |
|            |                         |                        |                       | oducts built on top of it might. This vulnerability affects Firefox <  |
|            |                         |                        |                       |                                  78.                                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-12413  |        libnss3         |  2:3.26.2-1.1+deb9u1  | The Raccoon attack is a timing attack on DHE ciphersuites inherit in t |
|            |                         |                        |                       | he TLS specification. To mitigate this vulnerability, Firefox disabled |
|            |                         |                        |                       |                      support for DHE ciphersuites.                     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-6829   |        libnss3         |  2:3.26.2-1.1+deb9u1  | When performing EC scalar point multiplication, the wNAF point multipl |
|            |                         |                        |                       | ication algorithm was used; which leaked partial information about the |
|            |                         |                        |                       |  nonce used during signature generation. Given an electro-magnetic tra |
|            |                         |                        |                       | ce of a few signature generations, the private key could have been com |
|            |                         |                        |                       | puted. This vulnerability affects Firefox < 80 and Firefox for Android |
|            |                         |                        |                       |                                  < 80.                                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2022-22747  |        libnss3         |  2:3.26.2-1.1+deb9u1  | After accepting an untrusted certificate, handling an empty pkcs7 sequ |
|            |                         |                        |                       | ence as part of the certificate data could have lead to a crash. This  |
|            |                         |                        |                       | crash is believed to be unexploitable. This vulnerability affects Fire |
|            |                         |                        |                       |         fox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2018-12384    |        libnss3         |  2:3.26.2-1.1+deb9u1  | When handling a SSLv2-compatible ClientHello request, the server doesn |
|            |                         |                        |                       | 't generate a new random value but sends an all-zero value instead. Th |
|            |                         |                        |                       | is results in full malleability of the ClientHello for SSLv2 used for  |
|            |                         |                        |                       | TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1. |
|            |                         |                        |                       |                                   3.                                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Unknown DLA-2836-2    |        libnss3         |  2:3.26.2-1.1+deb9u1  |                               DLA-2836-2                               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-29361   |      libp11-kit0       |       0.23.3-2        | An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple in |
|            |                         |                        |                       | teger overflows have been discovered in the array allocations in the p |
|            |                         |                        |                       | 11-kit library and the p11-kit list command, where overflow checks are |
|            |                         |                        |                       |                missing before calling realloc or calloc.               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-29362  |      libp11-kit0       |       0.23.3-2        | An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-base |
|            |                         |                        |                       | d buffer over-read has been discovered in the RPC protocol used by the |
|            |                         |                        |                       | p11-kit server/remote commands and the client library. When the remote |
|            |                         |                        |                       |  entity supplies a byte array through a serialized PKCS#11 function ca |
|            |                         |                        |                       | ll, the receiving entity may allow the reading of up to 4 bytes of mem |
|            |                         |                        |                       |                     ory past the heap allocation.                      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-14155  |        libpcre3        |       2:8.39-3        | libpcre in PCRE before 8.44 allows an integer overflow via a large num |
|            |                         |                        |                       |                       ber after a (?C substring.                       |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2017-12652 |      libpng16-16       |       1.6.28-1        | libpng before 1.6.32 does not properly check the length of chunks agai |
|            |                         |                        |                       |                          nst the user limit.                           |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-7317   |      libpng16-16       |       1.6.28-1        | png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after- |
|            |                         |                        |                       | free because png_image_free_function is called under png_safe_execute. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2021-36084    |       libsepol1        |         2.6-2         | The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_c |
|            |                         |                        |                       | lassperms (called from __cil_verify_classpermission and __cil_pre_veri |
|            |                         |                        |                       |                              fy_helper).                               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2021-36085    |       libsepol1        |         2.6-2         | The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_c |
|            |                         |                        |                       | lassperms (called from __verify_map_perm_classperms and hashtab_map).  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2021-36086    |       libsepol1        |         2.6-2         | The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_clas |
|            |                         |                        |                       | spermission (called from cil_reset_classperms_set and cil_reset_classp |
|            |                         |                        |                       |                              erms_list).                               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2021-36087    |       libsepol1        |         2.6-2         | The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in e |
|            |                         |                        |                       | bitmap_match_any (called indirectly from cil_check_neverallow). This o |
|            |                         |                        |                       | ccurs because there is sometimes a lack of checks for invalid statemen |
|            |                         |                        |                       |                        ts in an optional block.                        |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2016-2779    |     libsmartcols1      |    2.29.2-1+deb9u1    | runuser in util-linux allows local users to escape to the parent sessi |
|            |                         |                        |                       | on via a crafted TIOCSTI ioctl call, which pushes characters to the te |
|            |                         |                        |                       |                         rminal's input buffer.                         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2021-37600    |     libsmartcols1      |    2.29.2-1+deb9u1    | An integer overflow in util-linux through 2.37.1 can potentially cause |
|            |                         |                        |                       |  a buffer overflow if an attacker were able to use system resources in |
|            |                         |                        |                       |  a way that leads to a large number in the /proc/sysvipc/sem file. NOT |
|            |                         |                        |                       | E: this is unexploitable in GNU C Library environments, and possibly i |
|            |                         |                        |                       |                     n all realistic environments.                      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2019-8457  |      libsqlite3-0      |    3.16.2-5+deb9u1    | SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-o |
|            |                         |                        |                       | f-bound read in the rtreenode() function when handling invalid rtree t |
|            |                         |                        |                       |                                 ables.                                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-20346   |      libsqlite3-0      |    3.16.2-5+deb9u1    | SQLite before 3.25.3, when the FTS3 extension is enabled, encounters a |
|            |                         |                        |                       | n integer overflow (and resultant buffer overflow) for FTS3 queries th |
|            |                         |                        |                       | at occur after crafted changes to FTS3 shadow tables, allowing remote  |
|            |                         |                        |                       | attackers to execute arbitrary code by leveraging the ability to run a |
|            |                         |                        |                       | rbitrary SQL statements (such as in certain WebSQL use cases), aka Mag |
|            |                         |                        |                       |                                 ellan.                                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-20506   |      libsqlite3-0      |    3.16.2-5+deb9u1    | SQLite before 3.25.3, when the FTS3 extension is enabled, encounters a |
|            |                         |                        |                       | n integer overflow (and resultant buffer overflow) for FTS3 queries in |
|            |                         |                        |                       |  a "merge" operation that occurs after crafted changes to FTS3 shadow  |
|            |                         |                        |                       | tables, allowing remote attackers to execute arbitrary code by leverag |
|            |                         |                        |                       | ing the ability to run arbitrary SQL statements (such as in certain We |
|            |                         |                        |                       | bSQL use cases). This is a different vulnerability than CVE-2018-20346 |
|            |                         |                        |                       |                                   .                                    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-8740    |      libsqlite3-0      |    3.16.2-5+deb9u1    | In SQLite through 3.22.0, databases whose schema is corrupted using a  |
|            |                         |                        |                       | CREATE TABLE AS statement could cause a NULL pointer dereference, rela |
|            |                         |                        |                       |                     ted to build.c and prepare.c.                      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-20218   |      libsqlite3-0      |    3.16.2-5+deb9u1    | selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack u |
|            |                         |                        |                       |                  nwinding even after a parsing error.                  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-5827    |      libsqlite3-0      |    3.16.2-5+deb9u1    | Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3 |
|            |                         |                        |                       | 729.131 allowed a remote attacker to potentially exploit heap corrupti |
|            |                         |                        |                       |                      on via a crafted HTML page.                       |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-9936    |      libsqlite3-0      |    3.16.2-5+deb9u1    | In SQLite 3.27.2, running fts5 prefix queries inside a transaction cou |
|            |                         |                        |                       | ld trigger a heap-based buffer over-read in fts5HashEntrySort in sqlit |
|            |                         |                        |                       | e3.c, which may lead to an information leak. This is related to ext/ft |
|            |                         |                        |                       |                            s5/fts5_hash.c.                             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-9937    |      libsqlite3-0      |    3.16.2-5+deb9u1    | In SQLite 3.27.2, interleaving reads and writes in a single transactio |
|            |                         |                        |                       | n with an fts5 virtual table will lead to a NULL Pointer Dereference i |
|            |                         |                        |                       | n fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash |
|            |                         |                        |                       |                     .c and ext/fts5/fts5_index.c.                      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-11655   |      libsqlite3-0      |    3.16.2-5+deb9u1    | SQLite through 3.31.1 allows attackers to cause a denial of service (s |
|            |                         |                        |                       | egmentation fault) via a malformed window-function query because the A |
|            |                         |                        |                       |             ggInfo object's initialization is mishandled.              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-13630   |      libsqlite3-0      |    3.16.2-5+deb9u1    | ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3Ev |
|            |                         |                        |                       |               alNextRow, related to the snippet feature.               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-13871   |      libsqlite3-0      |    3.16.2-5+deb9u1    | SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c bec |
|            |                         |                        |                       |     ause the parse tree rewrite for window functions is too late.      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-16168  |      libsqlite3-0      |    3.16.2-5+deb9u1    | In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can cras |
|            |                         |                        |                       | h a browser or other application because of missing validation of a sq |
|            |                         |                        |                       | lite_stat1 sz field, aka a "severe division by zero in the query plann |
|            |                         |                        |                       |                                  er."                                  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-19645  |      libsqlite3-0      |    3.16.2-5+deb9u1    | alter.c in SQLite through 3.30.1 allows attackers to trigger infinite  |
|            |                         |                        |                       | recursion via certain types of self-referential views in conjunction w |
|            |                         |                        |                       |                      ith ALTER TABLE statements.                       |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-13434  |      libsqlite3-0      |    3.16.2-5+deb9u1    | SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf  |
|            |                         |                        |                       |                              in printf.c.                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-13631  |      libsqlite3-0      |    3.16.2-5+deb9u1    | SQLite before 3.32.0 allows a virtual table to be renamed to the name  |
|            |                         |                        |                       |      of one of its shadow tables, related to alter.c and build.c.      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-13632  |      libsqlite3-0      |    3.16.2-5+deb9u1    | ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer der |
|            |                         |                        |                       |               eference via a crafted matchinfo() query.                |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2022-1304    |         libss2         |       1.43.4-2        | An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46. |
|            |                         |                        |                       | 5. This issue leads to a segmentation fault and possibly arbitrary cod |
|            |                         |                        |                       |            e execution via a specially crafted filesystem.             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-5094   |         libss2         |       1.43.4-2        | An exploitable code execution vulnerability exists in the quota file f |
|            |                         |                        |                       | unctionality of E2fsprogs 1.45.3. A specially crafted ext4 partition c |
|            |                         |                        |                       | an cause an out-of-bounds write on the heap, resulting in code executi |
|            |                         |                        |                       | on. An attacker can corrupt a partition to trigger this vulnerability. |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-5188   |         libss2         |       1.43.4-2        | A code execution vulnerability exists in the directory rehashing funct |
|            |                         |                        |                       | ionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 director |
|            |                         |                        |                       | y can cause an out-of-bounds write on the stack, resulting in code exe |
|            |                         |                        |                       | cution. An attacker can corrupt a partition to trigger this vulnerabil |
|            |                         |                        |                       |                                  ity.                                  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2022-1292  |       libssl1.1        |    1.1.0f-3+deb9u2    | The c_rehash script does not properly sanitise shell metacharacters to |
|            |                         |                        |                       |  prevent command injection. This script is distributed by some operati |
|            |                         |                        |                       | ng systems in a manner where it is automatically executed. On such ope |
|            |                         |                        |                       | rating systems, an attacker could execute arbitrary commands with the  |
|            |                         |                        |                       | privileges of the script. Use of the c_rehash script is considered obs |
|            |                         |                        |                       | olete and should be replaced by the OpenSSL rehash command line tool.  |
|            |                         |                        |                       | Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL  |
|            |                         |                        |                       | 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0 |
|            |                         |                        |                       |                              .2-1.0.2zd).                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-0732    |       libssl1.1        |    1.1.0f-3+deb9u2    | During key agreement in a TLS handshake using a DH(E) based ciphersuit |
|            |                         |                        |                       | e a malicious server can send a very large prime value to the client.  |
|            |                         |                        |                       | This will cause the client to spend an unreasonably long period of tim |
|            |                         |                        |                       | e generating a key for this prime resulting in a hang until the client |
|            |                         |                        |                       |  has finished. This could be exploited in a Denial Of Service attack.  |
|            |                         |                        |                       | Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL  |
|            |                         |                        |                       |                  1.0.2p-dev (Affected 1.0.2-1.0.2o).                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-1543    |       libssl1.1        |    1.1.0f-3+deb9u2    | ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input |
|            |                         |                        |                       |  for every encryption operation. RFC 7539 specifies that the nonce val |
|            |                         |                        |                       | ue (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce  |
|            |                         |                        |                       | length and front pads the nonce with 0 bytes if it is less than 12 byt |
|            |                         |                        |                       | es. However it also incorrectly allows a nonce to be set of up to 16 b |
|            |                         |                        |                       | ytes. In this case only the last 12 bytes are significant and any addi |
|            |                         |                        |                       | tional leading bytes are ignored. It is a requirement of using this ci |
|            |                         |                        |                       | pher that nonce values are unique. Messages encrypted using a reused n |
|            |                         |                        |                       | once value are susceptible to serious confidentiality and integrity at |
|            |                         |                        |                       | tacks. If an application changes the default nonce length to be longer |
|            |                         |                        |                       |  than 12 bytes and then makes a change to the leading bytes of the non |
|            |                         |                        |                       | ce expecting the new value to be a new unique nonce then such an appli |
|            |                         |                        |                       | cation could inadvertently encrypt messages with a reused nonce. Addit |
|            |                         |                        |                       | ionally the ignored bytes in a long nonce are not covered by the integ |
|            |                         |                        |                       | rity guarantee of this cipher. Any application that relies on the inte |
|            |                         |                        |                       | grity of these ignored leading bytes of a long nonce may be further af |
|            |                         |                        |                       | fected. Any OpenSSL internal use of this cipher, including in SSL/TLS, |
|            |                         |                        |                       |  is safe because no such use sets such a long nonce value. However use |
|            |                         |                        |                       | r applications that use this cipher directly and set a non-default non |
|            |                         |                        |                       | ce length to be longer than 12 bytes may be vulnerable. OpenSSL versio |
|            |                         |                        |                       | ns 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scop |
|            |                         |                        |                       | e of affected deployments this has been assessed as low severity and t |
|            |                         |                        |                       | herefore we are not creating new releases at this time. Fixed in OpenS |
|            |                         |                        |                       | SL 1.1.1c (Affected 1.1.1-1.1.1b). Fixed in OpenSSL 1.1.0k (Affected 1 |
|            |                         |                        |                       |                             .1.0-1.1.0j).                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2021-23840   |       libssl1.1        |    1.1.0f-3+deb9u2    | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may |
|            |                         |                        |                       |  overflow the output length argument in some cases where the input len |
|            |                         |                        |                       | gth is close to the maximum permissable length for an integer on the p |
|            |                         |                        |                       | latform. In such cases the return value from the function call will be |
|            |                         |                        |                       |  1 (indicating success), but the output length value will be negative. |
|            |                         |                        |                       |  This could cause applications to behave incorrectly or crash. OpenSSL |
|            |                         |                        |                       |  versions 1.1.1i and below are affected by this issue. Users of these  |
|            |                         |                        |                       | versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and |
|            |                         |                        |                       |  below are affected by this issue. However OpenSSL 1.0.2 is out of sup |
|            |                         |                        |                       | port and no longer receiving public updates. Premium support customers |
|            |                         |                        |                       |  of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade |
|            |                         |                        |                       |  to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in  |
|            |                         |                        |                       |                OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2021-3712    |       libssl1.1        |    1.1.0f-3+deb9u2    | ASN.1 strings are represented internally within OpenSSL as an ASN1_STR |
|            |                         |                        |                       | ING structure which contains a buffer holding the string data and a fi |
|            |                         |                        |                       | eld holding the buffer length. This contrasts with normal C strings wh |
|            |                         |                        |                       | ich are repesented as a buffer for the string data which is terminated |
|            |                         |                        |                       |  with a NUL (0) byte. Although not a strict requirement, ASN.1 strings |
|            |                         |                        |                       |  that are parsed using OpenSSL's own "d2i" functions (and other simila |
|            |                         |                        |                       | r parsing functions) as well as any string whose value has been set wi |
|            |                         |                        |                       | th the ASN1_STRING_set() function will additionally NUL terminate the  |
|            |                         |                        |                       | byte array in the ASN1_STRING structure. However, it is possible for a |
|            |                         |                        |                       | pplications to directly construct valid ASN1_STRING structures which d |
|            |                         |                        |                       | o not NUL terminate the byte array by directly setting the "data" and  |
|            |                         |                        |                       | "length" fields in the ASN1_STRING array. This can also happen by usin |
|            |                         |                        |                       | g the ASN1_STRING_set0() function. Numerous OpenSSL functions that pri |
|            |                         |                        |                       | nt ASN.1 data have been found to assume that the ASN1_STRING byte arra |
|            |                         |                        |                       | y will be NUL terminated, even though this is not guaranteed for strin |
|            |                         |                        |                       | gs that have been directly constructed. Where an application requests  |
|            |                         |                        |                       | an ASN.1 structure to be printed, and where that ASN.1 structure conta |
|            |                         |                        |                       | ins ASN1_STRINGs that have been directly constructed by the applicatio |
|            |                         |                        |                       | n without NUL terminating the "data" field, then a read buffer overrun |
|            |                         |                        |                       |  can occur. The same thing can also occur during name constraints proc |
|            |                         |                        |                       | essing of certificates (for example if a certificate has been directly |
|            |                         |                        |                       |  constructed by the application instead of loading it via the OpenSSL  |
|            |                         |                        |                       | parsing functions, and the certificate contains non NUL terminated ASN |
|            |                         |                        |                       | 1_STRING structures). It can also occur in the X509_get1_email(), X509 |
|            |                         |                        |                       | _REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor |
|            |                         |                        |                       |  can cause an application to directly construct an ASN1_STRING and the |
|            |                         |                        |                       | n process it through one of the affected OpenSSL functions then this i |
|            |                         |                        |                       | ssue could be hit. This might result in a crash (causing a Denial of S |
|            |                         |                        |                       | ervice attack). It could also result in the disclosure of private memo |
|            |                         |                        |                       | ry contents (such as private keys, or sensitive plaintext). Fixed in O |
|            |                         |                        |                       | penSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affec |
|            |                         |                        |                       |                           ted 1.0.2-1.0.2y).                           |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2022-0778    |       libssl1.1        |    1.1.0f-3+deb9u2    | The BN_mod_sqrt() function, which computes a modular square root, cont |
|            |                         |                        |                       | ains a bug that can cause it to loop forever for non-prime moduli. Int |
|            |                         |                        |                       | ernally this function is used when parsing certificates that contain e |
|            |                         |                        |                       | lliptic curve public keys in compressed form or explicit elliptic curv |
|            |                         |                        |                       | e parameters with a base point encoded in compressed form. It is possi |
|            |                         |                        |                       | ble to trigger the infinite loop by crafting a certificate that has in |
|            |                         |                        |                       | valid explicit curve parameters. Since certificate parsing happens pri |
|            |                         |                        |                       | or to verification of the certificate signature, any process that pars |
|            |                         |                        |                       | es an externally supplied certificate may thus be subject to a denial  |
|            |                         |                        |                       | of service attack. The infinite loop can also be reached when parsing  |
|            |                         |                        |                       | crafted private keys as they can contain explicit elliptic curve param |
|            |                         |                        |                       | eters. Thus vulnerable situations include: - TLS clients consuming ser |
|            |                         |                        |                       | ver certificates - TLS servers consuming client certificates - Hosting |
|            |                         |                        |                       |  providers taking certificates or private keys from customers - Certif |
|            |                         |                        |                       | icate authorities parsing certification requests from subscribers - An |
|            |                         |                        |                       | ything else which parses ASN.1 elliptic curve parameters Also any othe |
|            |                         |                        |                       | r applications that use the BN_mod_sqrt() where the attacker can contr |
|            |                         |                        |                       | ol the parameter values are vulnerable to this DoS issue. In the OpenS |
|            |                         |                        |                       | SL 1.0.2 version the public key is not parsed during initial parsing o |
|            |                         |                        |                       | f the certificate which makes it slightly harder to trigger the infini |
|            |                         |                        |                       | te loop. However any operation which requires the public key from the  |
|            |                         |                        |                       | certificate will trigger the infinite loop. In particular the attacker |
|            |                         |                        |                       |  can use a self-signed certificate to trigger the loop during verifica |
|            |                         |                        |                       | tion of the certificate signature. This issue affects OpenSSL versions |
|            |                         |                        |                       |  1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and  |
|            |                         |                        |                       | 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3 |
|            |                         |                        |                       | .0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenS |
|            |                         |                        |                       |                  SL 1.0.2zd (Affected 1.0.2-1.0.2zc).                  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-0734   |       libssl1.1        |    1.1.0f-3+deb9u2    | The OpenSSL DSA signature algorithm has been shown to be vulnerable to |
|            |                         |                        |                       |  a timing side channel attack. An attacker could use variations in the |
|            |                         |                        |                       |  signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a |
|            |                         |                        |                       |  (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fi |
|            |                         |                        |                       |             xed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-0735   |       libssl1.1        |    1.1.0f-3+deb9u2    | The OpenSSL ECDSA signature algorithm has been shown to be vulnerable  |
|            |                         |                        |                       | to a timing side channel attack. An attacker could use variations in t |
|            |                         |                        |                       | he signing algorithm to recover the private key. Fixed in OpenSSL 1.1. |
|            |                         |                        |                       | 0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-0737   |       libssl1.1        |    1.1.0f-3+deb9u2    | The OpenSSL RSA Key generation algorithm has been shown to be vulnerab |
|            |                         |                        |                       | le to a cache timing side channel attack. An attacker with sufficient  |
|            |                         |                        |                       | access to mount cache timing attacks during the RSA key generation pro |
|            |                         |                        |                       | cess could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affec |
|            |                         |                        |                       | ted 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o |
|            |                         |                        |                       |                                   ).                                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-5407   |       libssl1.1        |    1.1.0f-3+deb9u2    | Simultaneous Multi-threading (SMT) in processors can enable local user |
|            |                         |                        |                       | s to exploit software vulnerable to timing attacks via a side-channel  |
|            |                         |                        |                       |                  timing attack on 'port contention'.                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-1547   |       libssl1.1        |    1.1.0f-3+deb9u2    | Normally in OpenSSL EC groups always have a co-factor present and this |
|            |                         |                        |                       |  is used in side channel resistant code paths. However, in some cases, |
|            |                         |                        |                       |  it is possible to construct a group using explicit parameters (instea |
|            |                         |                        |                       | d of using a named curve). In those cases it is possible that such a g |
|            |                         |                        |                       | roup does not have the cofactor present. This can occur even where all |
|            |                         |                        |                       |  the parameters match a known named curve. If such a curve is used the |
|            |                         |                        |                       | n OpenSSL falls back to non-side channel resistant code paths which ma |
|            |                         |                        |                       | y result in full key recovery during an ECDSA signature operation. In  |
|            |                         |                        |                       | order to be vulnerable an attacker would have to have the ability to t |
|            |                         |                        |                       | ime the creation of a large number of signatures where explicit parame |
|            |                         |                        |                       | ters with no co-factor present are in use by an application using libc |
|            |                         |                        |                       | rypto. For the avoidance of doubt libssl is not vulnerable because exp |
|            |                         |                        |                       | licit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1 |
|            |                         |                        |                       | .1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in  |
|            |                         |                        |                       |                OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-1551   |       libssl1.1        |    1.1.0f-3+deb9u2    | There is an overflow bug in the x64_64 Montgomery squaring procedure u |
|            |                         |                        |                       | sed in exponentiation with 512-bit moduli. No EC algorithms are affect |
|            |                         |                        |                       | ed. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RS |
|            |                         |                        |                       | A1536, and DSA1024 as a result of this defect would be very difficult  |
|            |                         |                        |                       | to perform and are not believed likely. Attacks against DH512 are cons |
|            |                         |                        |                       | idered just feasible. However, for an attack the target would have to  |
|            |                         |                        |                       | re-use the DH512 private key, which is not recommended anyway. Also ap |
|            |                         |                        |                       | plications directly using the low level API BN_mod_exp may be affected |
|            |                         |                        |                       |  if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1 |
|            |                         |                        |                       |       -1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).       |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-1971   |       libssl1.1        |    1.1.0f-3+deb9u2    | The X.509 GeneralName type is a generic type for representing differen |
|            |                         |                        |                       | t types of names. One of those name types is known as EDIPartyName. Op |
|            |                         |                        |                       | enSSL provides a function GENERAL_NAME_cmp which compares different in |
|            |                         |                        |                       | stances of a GENERAL_NAME to see if they are equal or not. This functi |
|            |                         |                        |                       | on behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME |
|            |                         |                        |                       | . A NULL pointer dereference and a crash may occur leading to a possib |
|            |                         |                        |                       | le denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp  |
|            |                         |                        |                       | function for two purposes: 1) Comparing CRL distribution point names b |
|            |                         |                        |                       | etween an available CRL and a CRL distribution point embedded in an X5 |
|            |                         |                        |                       | 09 certificate 2) When verifying that a timestamp response token signe |
|            |                         |                        |                       | r matches the timestamp authority name (exposed via the API functions  |
|            |                         |                        |                       | TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can c |
|            |                         |                        |                       | ontrol both items being compared then that attacker could trigger a cr |
|            |                         |                        |                       | ash. For example if the attacker can trick a client or server into che |
|            |                         |                        |                       | cking a malicious certificate against a malicious CRL then this may oc |
|            |                         |                        |                       | cur. Note that some applications automatically download CRLs based on  |
|            |                         |                        |                       | a URL embedded in a certificate. This checking happens prior to the si |
|            |                         |                        |                       | gnatures on the certificate and CRL being verified. OpenSSL's s_server |
|            |                         |                        |                       | , s_client and verify tools have support for the "-crl_download" optio |
|            |                         |                        |                       | n which implements automatic CRL downloading and this attack has been  |
|            |                         |                        |                       | demonstrated to work against those tools. Note that an unrelated bug m |
|            |                         |                        |                       | eans that affected versions of OpenSSL cannot parse or construct corre |
|            |                         |                        |                       | ct encodings of EDIPARTYNAME. However it is possible to construct a ma |
|            |                         |                        |                       | lformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigg |
|            |                         |                        |                       | er this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by t |
|            |                         |                        |                       | his issue. Other OpenSSL releases are out of support and have not been |
|            |                         |                        |                       |  checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in Op |
|            |                         |                        |                       |                 enSSL 1.0.2x (Affected 1.0.2-1.0.2w).                  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-23841  |       libssl1.1        |    1.1.0f-3+deb9u2    | The OpenSSL public API function X509_issuer_and_serial_hash() attempts |
|            |                         |                        |                       |  to create a unique hash value based on the issuer and serial number d |
|            |                         |                        |                       | ata contained within an X509 certificate. However it fails to correctl |
|            |                         |                        |                       | y handle any errors that may occur while parsing the issuer field (whi |
|            |                         |                        |                       | ch might occur if the issuer field is maliciously constructed). This m |
|            |                         |                        |                       | ay subsequently result in a NULL pointer deref and a crash leading to  |
|            |                         |                        |                       | a potential denial of service attack. The function X509_issuer_and_ser |
|            |                         |                        |                       | ial_hash() is never directly called by OpenSSL itself so applications  |
|            |                         |                        |                       | are only vulnerable if they use this function directly and they use it |
|            |                         |                        |                       |  on certificates that may have been obtained from untrusted sources. O |
|            |                         |                        |                       | penSSL versions 1.1.1i and below are affected by this issue. Users of  |
|            |                         |                        |                       | these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0. |
|            |                         |                        |                       | 2x and below are affected by this issue. However OpenSSL 1.0.2 is out  |
|            |                         |                        |                       | of support and no longer receiving public updates. Premium support cus |
|            |                         |                        |                       | tomers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should u |
|            |                         |                        |                       | pgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fix |
|            |                         |                        |                       |             ed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-4160   |       libssl1.1        |    1.1.0f-3+deb9u2    | There is a carry propagation bug in the MIPS32 and MIPS64 squaring pro |
|            |                         |                        |                       | cedure. Many EC algorithms are affected, including some of the TLS 1.3 |
|            |                         |                        |                       |  default curves. Impact was not analyzed in detail, because the pre-re |
|            |                         |                        |                       | quisites for attack are considered unlikely and include reusing privat |
|            |                         |                        |                       | e keys. Analysis suggests that attacks against RSA and DSA as a result |
|            |                         |                        |                       |  of this defect would be very difficult to perform and are not believe |
|            |                         |                        |                       | d likely. Attacks against DH are considered just feasible (although ve |
|            |                         |                        |                       | ry difficult) because most of the work necessary to deduce information |
|            |                         |                        |                       |  about a private key may be performed offline. The amount of resources |
|            |                         |                        |                       |  required for such an attack would be significant. However, for an att |
|            |                         |                        |                       | ack on TLS to be meaningful, the server would have to share the DH pri |
|            |                         |                        |                       | vate key among multiple clients, which is no longer an option since CV |
|            |                         |                        |                       | E-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. |
|            |                         |                        |                       | 0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of |
|            |                         |                        |                       |  December 2021. For the 1.0.2 release it is addressed in git commit 6f |
|            |                         |                        |                       | c1aaaf3 that is available to premium support customers only. It will b |
|            |                         |                        |                       | e made available in 1.0.2zc when it is released. The issue only affect |
|            |                         |                        |                       | s OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).  |
|            |                         |                        |                       | Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0. |
|            |                         |                        |                       |                   2zc-dev (Affected 1.0.2-1.0.2zb).                    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2019-1563    |       libssl1.1        |    1.1.0f-3+deb9u2    | In situations where an attacker receives automated notification of the |
|            |                         |                        |                       |  success or failure of a decryption attempt an attacker, after sending |
|            |                         |                        |                       |  a very large number of messages to be decrypted, can recover a CMS/PK |
|            |                         |                        |                       | CS7 transported encryption key or decrypt any RSA encrypted message th |
|            |                         |                        |                       | at was encrypted with the public RSA key, using a Bleichenbacher paddi |
|            |                         |                        |                       | ng oracle attack. Applications are not affected if they use a certific |
|            |                         |                        |                       | ate together with the private RSA key to the CMS_decrypt or PKCS7_decr |
|            |                         |                        |                       | ypt functions to select the correct recipient info to decrypt. Fixed i |
|            |                         |                        |                       | n OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Aff |
|            |                         |                        |                       | ected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-12886   |       libstdc++6       |    6.3.0-18+deb9u1    | stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in fu |
|            |                         |                        |                       | nction.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain |
|            |                         |                        |                       |  circumstances) generate instruction sequences when targeting ARM targ |
|            |                         |                        |                       | ets that spill the address of the stack protector guard, which allows  |
|            |                         |                        |                       | an attacker to bypass the protection of -fstack-protector, -fstack-pro |
|            |                         |                        |                       | tector-all, -fstack-protector-strong, and -fstack-protector-explicit a |
|            |                         |                        |                       | gainst stack overflow by controlling what the stack canary is compared |
|            |                         |                        |                       |                                against.                                |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-15686   |      libsystemd0       |     232-25+deb9u3     | A vulnerability in unit_deserialize of systemd allows an attacker to s |
|            |                         |                        |                       | upply arbitrary state across systemd re-execution via NotifyAccess. Th |
|            |                         |                        |                       | is can be used to improperly influence systemd execution and possibly  |
|            |                         |                        |                       | lead to root privilege escalation. Affected releases are systemd versi |
|            |                         |                        |                       |                      ons up to and including 239.                      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-15688   |      libsystemd0       |     232-25+deb9u3     | A buffer overflow vulnerability in the dhcp6 client of systemd allows  |
|            |                         |                        |                       | a malicious dhcp6 server to overwrite heap memory in systemd-networkd. |
|            |                         |                        |                       |    Affected releases are systemd: versions up to and including 239.    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-16864   |      libsystemd0       |     232-25+deb9u3     | An allocation of memory without limits, that could result in the stack |
|            |                         |                        |                       |  clashing with another memory region, was discovered in systemd-journa |
|            |                         |                        |                       | ld when a program with long command line arguments calls syslog. A loc |
|            |                         |                        |                       | al attacker may use this flaw to crash systemd-journald or escalate hi |
|            |                         |                        |                       |          s privileges. Versions through v240 are vulnerable.           |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-16865   |      libsystemd0       |     232-25+deb9u3     | An allocation of memory without limits, that could result in the stack |
|            |                         |                        |                       |  clashing with another memory region, was discovered in systemd-journa |
|            |                         |                        |                       | ld when many entries are sent to the journal socket. A local attacker, |
|            |                         |                        |                       |  or a remote one if systemd-journal-remote is used, may use this flaw  |
|            |                         |                        |                       | to crash systemd-journald or execute code with journald privileges. Ve |
|            |                         |                        |                       |                  rsions through v240 are vulnerable.                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-3842    |      libsystemd0       |     232-25+deb9u3     | In systemd before v242-rc4, it was discovered that pam_systemd does no |
|            |                         |                        |                       | t properly sanitize the environment before using the XDG_SEAT variable |
|            |                         |                        |                       | . It is possible for an attacker, in some particular configurations, t |
|            |                         |                        |                       | o set a XDG_SEAT environment variable which allows for commands to be  |
|            |                         |                        |                       | checked against polkit policies using the "allow_active" element rathe |
|            |                         |                        |                       |                          r than "allow_any".                           |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-3843    |      libsystemd0       |     232-25+deb9u3     | It was discovered that a systemd service that uses DynamicUser propert |
|            |                         |                        |                       | y can create a SUID/SGID binary that would be allowed to run as the tr |
|            |                         |                        |                       | ansient service UID/GID even after the service is terminated. A local  |
|            |                         |                        |                       | attacker may use this flaw to access resources that will be owned by a |
|            |                         |                        |                       |  potentially different service in the future, when the UID/GID will be |
|            |                         |                        |                       |                                recycled.                               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-3844    |      libsystemd0       |     232-25+deb9u3     | It was discovered that a systemd service that uses DynamicUser propert |
|            |                         |                        |                       | y can get new privileges through the execution of SUID binaries, which |
|            |                         |                        |                       |  would allow to create binaries owned by the service transient group w |
|            |                         |                        |                       | ith the setgid bit set. A local attacker may use this flaw to access r |
|            |                         |                        |                       | esources that will be owned by a potentially different service in the  |
|            |                         |                        |                       |                 future, when the GID will be recycled.                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-1712    |      libsystemd0       |     232-25+deb9u3     | A heap use-after-free vulnerability was found in systemd before versio |
|            |                         |                        |                       | n v245-rc1, where asynchronous Polkit queries are performed while hand |
|            |                         |                        |                       | ling dbus messages. A local unprivileged attacker can abuse this flaw  |
|            |                         |                        |                       | to crash systemd services or potentially execute code and elevate thei |
|            |                         |                        |                       |       r privileges, by sending specially crafted dbus messages.        |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-1049   |      libsystemd0       |     232-25+deb9u3     | In systemd prior to 234 a race condition exists between .mount and .au |
|            |                         |                        |                       | tomount units such that automount requests from kernel may not be serv |
|            |                         |                        |                       | iced by systemd resulting in kernel holding the mountpoint and any pro |
|            |                         |                        |                       | cesses that try to use said mount will hang. A race condition like thi |
|            |                         |                        |                       |   s may lead to denial of service, until mount points are unmounted.   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-6454   |      libsystemd0       |     232-25+deb9u3     | An issue was discovered in sd-bus in systemd 239. bus_process_object() |
|            |                         |                        |                       |  in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack  |
|            |                         |                        |                       | buffer for temporarily storing the object path of incoming D-Bus messa |
|            |                         |                        |                       | ges. An unprivileged local user can exploit this by sending a speciall |
|            |                         |                        |                       | y crafted message to PID1, causing the stack pointer to jump over the  |
|            |                         |                        |                       | stack guard pages into an unmapped memory region and trigger a denial  |
|            |                         |                        |                       |           of service (systemd PID1 crash and kernel panic).            |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-33910  |      libsystemd0       |     232-25+deb9u3     | basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1  |
|            |                         |                        |                       | has a Memory Allocation with an Excessive Size Value (involving strdup |
|            |                         |                        |                       | a and alloca for a pathname controlled by a local attacker) that resul |
|            |                         |                        |                       |                    ts in an operating system crash.                    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-3997   |      libsystemd0       |     232-25+deb9u3     | A flaw was found in systemd. An uncontrolled recursion in systemd-tmpf |
|            |                         |                        |                       | iles may lead to a denial of service at boot time when too many nested |
|            |                         |                        |                       |                    directories are created in /tmp.                    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2018-16866    |      libsystemd0       |     232-25+deb9u3     | An out of bounds read was discovered in systemd-journald in the way it |
|            |                         |                        |                       |  parses log messages that terminate with a colon ':'. A local attacker |
|            |                         |                        |                       |  can use this flaw to disclose process memory data. Versions from v221 |
|            |                         |                        |                       |                         to v239 are vulnerable.                        |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2018-16888    |      libsystemd0       |     232-25+deb9u3     | It was discovered systemd does not correctly check the content of PIDF |
|            |                         |                        |                       | ile files before using it to kill processes. When a service is run fro |
|            |                         |                        |                       | m an unprivileged user (e.g. User field set in the service file), a lo |
|            |                         |                        |                       | cal attacker who is able to write to the PIDFile of the mentioned serv |
|            |                         |                        |                       | ice may use this flaw to trick systemd into killing other services and |
|            |                         |                        |                       |     /or privileged processes. Versions before v237 are vulnerable.     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2018-6954    |      libsystemd0       |     232-25+deb9u3     | systemd-tmpfiles in systemd through 237 mishandles symlinks present in |
|            |                         |                        |                       |  non-terminal path components, which allows local users to obtain owne |
|            |                         |                        |                       | rship of arbitrary files via vectors involving creation of a directory |
|            |                         |                        |                       |  and a file under that directory, and later replacing that directory w |
|            |                         |                        |                       | ith a symlink. This occurs even if the fs.protected_symlinks sysctl is |
|            |                         |                        |                       |                               turned on.                               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2019-3815    |      libsystemd0       |     232-25+deb9u3     | A memory leak was discovered in the backport of fixes for CVE-2018-168 |
|            |                         |                        |                       | 64 in Red Hat Enterprise Linux. Function dispatch_message_real() in jo |
|            |                         |                        |                       | urnald-server.c does not free the memory allocated by set_iovec_field_ |
|            |                         |                        |                       | free() to store the `_CMDLINE=` entry. A local attacker may use this f |
|            |                         |                        |                       | law to make systemd-journald crash. This issue only affects versions s |
|            |                         |                        |                       |            hipped with Red Hat Enterprise since v219-62.2.             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Unknown DSA-4367-2    |      libsystemd0       |     232-25+deb9u3     |                               DSA-4367-2                               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2022-29458   |       libtinfo5        | 6.0+20161126-1+deb9u2 | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmen |
|            |                         |                        |                       | tation violation in convert_strings in tinfo/read_entry.c in the termi |
|            |                         |                        |                       |                              nfo library.                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2018-19211    |       libtinfo5        | 6.0+20161126-1+deb9u2 | In ncurses 6.1, there is a NULL pointer dereference at function _nc_pa |
|            |                         |                        |                       | rse_entry in parse_entry.c that will lead to a denial of service attac |
|            |                         |                        |                       | k. The product proceeds to the dereference code path even after a "dub |
|            |                         |                        |                       |         ious character `*' in name or alias field" detection.          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2019-17594    |       libtinfo5        | 6.0+20161126-1+deb9u2 | There is a heap-based buffer over-read in the _nc_find_entry function  |
|            |                         |                        |                       | in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-201 |
|            |                         |                        |                       |                                 91012.                                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2019-17595    |       libtinfo5        | 6.0+20161126-1+deb9u2 | There is a heap-based buffer over-read in the fmt_entry function in ti |
|            |                         |                        |                       | nfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012 |
|            |                         |                        |                       |                                   .                                    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-15686   |        libudev1        |     232-25+deb9u3     | A vulnerability in unit_deserialize of systemd allows an attacker to s |
|            |                         |                        |                       | upply arbitrary state across systemd re-execution via NotifyAccess. Th |
|            |                         |                        |                       | is can be used to improperly influence systemd execution and possibly  |
|            |                         |                        |                       | lead to root privilege escalation. Affected releases are systemd versi |
|            |                         |                        |                       |                      ons up to and including 239.                      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-15688   |        libudev1        |     232-25+deb9u3     | A buffer overflow vulnerability in the dhcp6 client of systemd allows  |
|            |                         |                        |                       | a malicious dhcp6 server to overwrite heap memory in systemd-networkd. |
|            |                         |                        |                       |    Affected releases are systemd: versions up to and including 239.    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-16864   |        libudev1        |     232-25+deb9u3     | An allocation of memory without limits, that could result in the stack |
|            |                         |                        |                       |  clashing with another memory region, was discovered in systemd-journa |
|            |                         |                        |                       | ld when a program with long command line arguments calls syslog. A loc |
|            |                         |                        |                       | al attacker may use this flaw to crash systemd-journald or escalate hi |
|            |                         |                        |                       |          s privileges. Versions through v240 are vulnerable.           |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-16865   |        libudev1        |     232-25+deb9u3     | An allocation of memory without limits, that could result in the stack |
|            |                         |                        |                       |  clashing with another memory region, was discovered in systemd-journa |
|            |                         |                        |                       | ld when many entries are sent to the journal socket. A local attacker, |
|            |                         |                        |                       |  or a remote one if systemd-journal-remote is used, may use this flaw  |
|            |                         |                        |                       | to crash systemd-journald or execute code with journald privileges. Ve |
|            |                         |                        |                       |                  rsions through v240 are vulnerable.                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-3842    |        libudev1        |     232-25+deb9u3     | In systemd before v242-rc4, it was discovered that pam_systemd does no |
|            |                         |                        |                       | t properly sanitize the environment before using the XDG_SEAT variable |
|            |                         |                        |                       | . It is possible for an attacker, in some particular configurations, t |
|            |                         |                        |                       | o set a XDG_SEAT environment variable which allows for commands to be  |
|            |                         |                        |                       | checked against polkit policies using the "allow_active" element rathe |
|            |                         |                        |                       |                          r than "allow_any".                           |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-3843    |        libudev1        |     232-25+deb9u3     | It was discovered that a systemd service that uses DynamicUser propert |
|            |                         |                        |                       | y can create a SUID/SGID binary that would be allowed to run as the tr |
|            |                         |                        |                       | ansient service UID/GID even after the service is terminated. A local  |
|            |                         |                        |                       | attacker may use this flaw to access resources that will be owned by a |
|            |                         |                        |                       |  potentially different service in the future, when the UID/GID will be |
|            |                         |                        |                       |                                recycled.                               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-3844    |        libudev1        |     232-25+deb9u3     | It was discovered that a systemd service that uses DynamicUser propert |
|            |                         |                        |                       | y can get new privileges through the execution of SUID binaries, which |
|            |                         |                        |                       |  would allow to create binaries owned by the service transient group w |
|            |                         |                        |                       | ith the setgid bit set. A local attacker may use this flaw to access r |
|            |                         |                        |                       | esources that will be owned by a potentially different service in the  |
|            |                         |                        |                       |                 future, when the GID will be recycled.                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-1712    |        libudev1        |     232-25+deb9u3     | A heap use-after-free vulnerability was found in systemd before versio |
|            |                         |                        |                       | n v245-rc1, where asynchronous Polkit queries are performed while hand |
|            |                         |                        |                       | ling dbus messages. A local unprivileged attacker can abuse this flaw  |
|            |                         |                        |                       | to crash systemd services or potentially execute code and elevate thei |
|            |                         |                        |                       |       r privileges, by sending specially crafted dbus messages.        |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-1049   |        libudev1        |     232-25+deb9u3     | In systemd prior to 234 a race condition exists between .mount and .au |
|            |                         |                        |                       | tomount units such that automount requests from kernel may not be serv |
|            |                         |                        |                       | iced by systemd resulting in kernel holding the mountpoint and any pro |
|            |                         |                        |                       | cesses that try to use said mount will hang. A race condition like thi |
|            |                         |                        |                       |   s may lead to denial of service, until mount points are unmounted.   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-6454   |        libudev1        |     232-25+deb9u3     | An issue was discovered in sd-bus in systemd 239. bus_process_object() |
|            |                         |                        |                       |  in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack  |
|            |                         |                        |                       | buffer for temporarily storing the object path of incoming D-Bus messa |
|            |                         |                        |                       | ges. An unprivileged local user can exploit this by sending a speciall |
|            |                         |                        |                       | y crafted message to PID1, causing the stack pointer to jump over the  |
|            |                         |                        |                       | stack guard pages into an unmapped memory region and trigger a denial  |
|            |                         |                        |                       |           of service (systemd PID1 crash and kernel panic).            |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-33910  |        libudev1        |     232-25+deb9u3     | basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1  |
|            |                         |                        |                       | has a Memory Allocation with an Excessive Size Value (involving strdup |
|            |                         |                        |                       | a and alloca for a pathname controlled by a local attacker) that resul |
|            |                         |                        |                       |                    ts in an operating system crash.                    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-3997   |        libudev1        |     232-25+deb9u3     | A flaw was found in systemd. An uncontrolled recursion in systemd-tmpf |
|            |                         |                        |                       | iles may lead to a denial of service at boot time when too many nested |
|            |                         |                        |                       |                    directories are created in /tmp.                    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2018-16866    |        libudev1        |     232-25+deb9u3     | An out of bounds read was discovered in systemd-journald in the way it |
|            |                         |                        |                       |  parses log messages that terminate with a colon ':'. A local attacker |
|            |                         |                        |                       |  can use this flaw to disclose process memory data. Versions from v221 |
|            |                         |                        |                       |                         to v239 are vulnerable.                        |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2018-16888    |        libudev1        |     232-25+deb9u3     | It was discovered systemd does not correctly check the content of PIDF |
|            |                         |                        |                       | ile files before using it to kill processes. When a service is run fro |
|            |                         |                        |                       | m an unprivileged user (e.g. User field set in the service file), a lo |
|            |                         |                        |                       | cal attacker who is able to write to the PIDFile of the mentioned serv |
|            |                         |                        |                       | ice may use this flaw to trick systemd into killing other services and |
|            |                         |                        |                       |     /or privileged processes. Versions before v237 are vulnerable.     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2018-6954    |        libudev1        |     232-25+deb9u3     | systemd-tmpfiles in systemd through 237 mishandles symlinks present in |
|            |                         |                        |                       |  non-terminal path components, which allows local users to obtain owne |
|            |                         |                        |                       | rship of arbitrary files via vectors involving creation of a directory |
|            |                         |                        |                       |  and a file under that directory, and later replacing that directory w |
|            |                         |                        |                       | ith a symlink. This occurs even if the fs.protected_symlinks sysctl is |
|            |                         |                        |                       |                               turned on.                               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2019-3815    |        libudev1        |     232-25+deb9u3     | A memory leak was discovered in the backport of fixes for CVE-2018-168 |
|            |                         |                        |                       | 64 in Red Hat Enterprise Linux. Function dispatch_message_real() in jo |
|            |                         |                        |                       | urnald-server.c does not free the memory allocated by set_iovec_field_ |
|            |                         |                        |                       | free() to store the `_CMDLINE=` entry. A local attacker may use this f |
|            |                         |                        |                       | law to make systemd-journald crash. This issue only affects versions s |
|            |                         |                        |                       |            hipped with Red Hat Enterprise since v219-62.2.             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Unknown DSA-4367-2    |        libudev1        |     232-25+deb9u3     |                               DSA-4367-2                               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2016-2779    |        libuuid1        |    2.29.2-1+deb9u1    | runuser in util-linux allows local users to escape to the parent sessi |
|            |                         |                        |                       | on via a crafted TIOCSTI ioctl call, which pushes characters to the te |
|            |                         |                        |                       |                         rminal's input buffer.                         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2021-37600    |        libuuid1        |    2.29.2-1+deb9u1    | An integer overflow in util-linux through 2.37.1 can potentially cause |
|            |                         |                        |                       |  a buffer overflow if an attacker were able to use system resources in |
|            |                         |                        |                       |  a way that leads to a large number in the /proc/sysvipc/sem file. NOT |
|            |                         |                        |                       | E: this is unexploitable in GNU C Library environments, and possibly i |
|            |                         |                        |                       |                     n all realistic environments.                      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2021-31535 |        libx11-6        |       2:1.6.4-3       | LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might a |
|            |                         |                        |                       | llow remote attackers to execute arbitrary code. The libX11 XLookupCol |
|            |                         |                        |                       | or request (intended for server-side color lookup) contains a flaw all |
|            |                         |                        |                       | owing a client to send color-name requests with a name longer than the |
|            |                         |                        |                       |  maximum size allowed by the protocol (and also longer than the maximu |
|            |                         |                        |                       | m packet size for normal-sized packets). The user-controlled data exce |
|            |                         |                        |                       | eding the maximum size is then interpreted by the server as additional |
|            |                         |                        |                       |  X protocol requests and executed, e.g., to disable X server authoriza |
|            |                         |                        |                       | tion completely. For example, if the victim encounters malicious termi |
|            |                         |                        |                       | nal control sequences for color codes, then the attacker may be able t |
|            |                         |                        |                       |         o take full control of the running graphical session.          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-14363   |        libx11-6        |       2:1.6.4-3       | An integer overflow vulnerability leading to a double-free was found i |
|            |                         |                        |                       | n libX11. This flaw allows a local privileged attacker to cause an app |
|            |                         |                        |                       | lication compiled with libX11 to crash, or in some cases, result in ar |
|            |                         |                        |                       | bitrary code execution. The highest threat from this flaw is to confid |
|            |                         |                        |                       |          entiality, integrity as well as system availability.          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-14344  |        libx11-6        |       2:1.6.4-3       | An integer overflow leading to a heap-buffer overflow was found in The |
|            |                         |                        |                       |  X Input Method (XIM) client was implemented in libX11 before version  |
|            |                         |                        |                       | 1.6.10. As per upstream this is security relevant when setuid programs |
|            |                         |                        |                       |  call XIM client functions while running with elevated privileges. No  |
|            |                         |                        |                       |        such programs are shipped with Red Hat Enterprise Linux.        |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2018-14598    |        libx11-6        |       2:1.6.4-3       | An issue was discovered in XListExtensions in ListExt.c in libX11 thro |
|            |                         |                        |                       | ugh 1.6.5. A malicious server can send a reply in which the first stri |
|            |                         |                        |                       | ng overflows, causing a variable to be set to NULL that will be freed  |
|            |                         |                        |                       |             later on, leading to DoS (segmentation fault).             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2018-14599    |        libx11-6        |       2:1.6.4-3       | An issue was discovered in libX11 through 1.6.5. The function XListExt |
|            |                         |                        |                       | ensions in ListExt.c is vulnerable to an off-by-one error caused by ma |
|            |                         |                        |                       | licious server responses, leading to DoS or possibly unspecified other |
|            |                         |                        |                       |                                 impact.                                |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2018-14600    |        libx11-6        |       2:1.6.4-3       | An issue was discovered in libX11 through 1.6.5. The function XListExt |
|            |                         |                        |                       | ensions in ListExt.c interprets a variable as signed instead of unsign |
|            |                         |                        |                       | ed, resulting in an out-of-bounds write (of up to 128 bytes), leading  |
|            |                         |                        |                       |                    to DoS or remote code execution.                    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2021-31535 |      libx11-data       |       2:1.6.4-3       | LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might a |
|            |                         |                        |                       | llow remote attackers to execute arbitrary code. The libX11 XLookupCol |
|            |                         |                        |                       | or request (intended for server-side color lookup) contains a flaw all |
|            |                         |                        |                       | owing a client to send color-name requests with a name longer than the |
|            |                         |                        |                       |  maximum size allowed by the protocol (and also longer than the maximu |
|            |                         |                        |                       | m packet size for normal-sized packets). The user-controlled data exce |
|            |                         |                        |                       | eding the maximum size is then interpreted by the server as additional |
|            |                         |                        |                       |  X protocol requests and executed, e.g., to disable X server authoriza |
|            |                         |                        |                       | tion completely. For example, if the victim encounters malicious termi |
|            |                         |                        |                       | nal control sequences for color codes, then the attacker may be able t |
|            |                         |                        |                       |         o take full control of the running graphical session.          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-14363   |      libx11-data       |       2:1.6.4-3       | An integer overflow vulnerability leading to a double-free was found i |
|            |                         |                        |                       | n libX11. This flaw allows a local privileged attacker to cause an app |
|            |                         |                        |                       | lication compiled with libX11 to crash, or in some cases, result in ar |
|            |                         |                        |                       | bitrary code execution. The highest threat from this flaw is to confid |
|            |                         |                        |                       |          entiality, integrity as well as system availability.          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-14344  |      libx11-data       |       2:1.6.4-3       | An integer overflow leading to a heap-buffer overflow was found in The |
|            |                         |                        |                       |  X Input Method (XIM) client was implemented in libX11 before version  |
|            |                         |                        |                       | 1.6.10. As per upstream this is security relevant when setuid programs |
|            |                         |                        |                       |  call XIM client functions while running with elevated privileges. No  |
|            |                         |                        |                       |        such programs are shipped with Red Hat Enterprise Linux.        |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2018-14598    |      libx11-data       |       2:1.6.4-3       | An issue was discovered in XListExtensions in ListExt.c in libX11 thro |
|            |                         |                        |                       | ugh 1.6.5. A malicious server can send a reply in which the first stri |
|            |                         |                        |                       | ng overflows, causing a variable to be set to NULL that will be freed  |
|            |                         |                        |                       |             later on, leading to DoS (segmentation fault).             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2018-14599    |      libx11-data       |       2:1.6.4-3       | An issue was discovered in libX11 through 1.6.5. The function XListExt |
|            |                         |                        |                       | ensions in ListExt.c is vulnerable to an off-by-one error caused by ma |
|            |                         |                        |                       | licious server responses, leading to DoS or possibly unspecified other |
|            |                         |                        |                       |                                 impact.                                |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2018-14600    |      libx11-data       |       2:1.6.4-3       | An issue was discovered in libX11 through 1.6.5. The function XListExt |
|            |                         |                        |                       | ensions in ListExt.c interprets a variable as signed instead of unsign |
|            |                         |                        |                       | ed, resulting in an out-of-bounds write (of up to 128 bytes), leading  |
|            |                         |                        |                       |                    to DoS or remote code execution.                    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2017-12424 |         login          |       1:4.4-4.1       | In shadow before 4.5, the newusers tool could be made to manipulate in |
|            |                         |                        |                       | ternal data structures in ways unintended by the authors. Malformed in |
|            |                         |                        |                       | put may lead to crashes (with a buffer overflow or other memory corrup |
|            |                         |                        |                       | tion) or other unspecified behaviors. This crosses a privilege boundar |
|            |                         |                        |                       | y in, for example, certain web-hosting environments in which a Control |
|            |                         |                        |                       |    Panel allows an unprivileged user account to create subaccounts.    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2017-20002   |         login          |       1:4.4-4.1       | The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists  |
|            |                         |                        |                       | pts/0 and pts/1 as physical terminals in /etc/securetty. This allows l |
|            |                         |                        |                       | ocal users to login as password-less users even if they are connected  |
|            |                         |                        |                       | by non-physical means such as SSH (hence bypassing PAM's nullok_secure |
|            |                         |                        |                       |  configuration). This notably affects environments such as virtual mac |
|            |                         |                        |                       | hines automatically generated with a default blank root password, allo |
|            |                         |                        |                       |              wing all local users to escalate privileges.              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2018-7169    |         login          |       1:4.4-4.1       | An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is  |
|            |                         |                        |                       | setuid and allows an unprivileged user to be placed in a user namespac |
|            |                         |                        |                       | e where setgroups(2) is permitted. This allows an attacker to remove t |
|            |                         |                        |                       | hemselves from a supplementary group, which may allow access to certai |
|            |                         |                        |                       | n filesystem paths if the administrator has used "group blacklisting"  |
|            |                         |                        |                       | (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively |
|            |                         |                        |                       |  reverts a security feature in the kernel (in particular, the /proc/se |
|            |                         |                        |                       |    lf/setgroups knob) to prevent this sort of privilege escalation.    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2016-2779    |         mount          |    2.29.2-1+deb9u1    | runuser in util-linux allows local users to escape to the parent sessi |
|            |                         |                        |                       | on via a crafted TIOCSTI ioctl call, which pushes characters to the te |
|            |                         |                        |                       |                         rminal's input buffer.                         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2021-37600    |         mount          |    2.29.2-1+deb9u1    | An integer overflow in util-linux through 2.37.1 can potentially cause |
|            |                         |                        |                       |  a buffer overflow if an attacker were able to use system resources in |
|            |                         |                        |                       |  a way that leads to a large number in the /proc/sysvipc/sem file. NOT |
|            |                         |                        |                       | E: this is unexploitable in GNU C Library environments, and possibly i |
|            |                         |                        |                       |                     n all realistic environments.                      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2017-18269 |   multiarch-support    |    2.24-11+deb9u3     | An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686 |
|            |                         |                        |                       | /multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or  |
|            |                         |                        |                       | libc6) 2.21 through 2.27 does not correctly perform the overlapping me |
|            |                         |                        |                       | mory check if the source memory range spans the middle of the address  |
|            |                         |                        |                       | space, resulting in corrupt data being produced by the copy operation. |
|            |                         |                        |                       |  This may disclose information to context-dependent attackers, or resu |
|            |                         |                        |                       |        lt in a denial of service, or, possibly, code execution.        |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  High CVE-2017-1000408  |   multiarch-support    |    2.24-11+deb9u3     | A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached |
|            |                         |                        |                       |  and amplified through the LD_HWCAP_MASK environment variable. Please  |
|            |                         |                        |                       | note that many versions of glibc are not vulnerable to this issue if p |
|            |                         |                        |                       |                      atched for CVE-2017-1000366.                      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  High CVE-2017-1000409  |   multiarch-support    |    2.24-11+deb9u3     | A buffer overflow in glibc 2.5 (released on September 29, 2006) and ca |
|            |                         |                        |                       | n be triggered through the LD_LIBRARY_PATH environment variable. Pleas |
|            |                         |                        |                       | e note that many versions of glibc are not vulnerable to this issue if |
|            |                         |                        |                       |                      patched for CVE-2017-1000366.                     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2017-16997   |   multiarch-support    |    2.24-11+deb9u3     | elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2 |
|            |                         |                        |                       | .26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged ( |
|            |                         |                        |                       | setuid or AT_SECURE) program, which allows local users to gain privile |
|            |                         |                        |                       | ges via a Trojan horse library in the current working directory, relat |
|            |                         |                        |                       | ed to the fillin_rpath and decompose_rpath functions. This is associat |
|            |                         |                        |                       | ed with misinterpretion of an empty RPATH/RUNPATH token as the "./" di |
|            |                         |                        |                       | rectory. NOTE: this configuration of RPATH/RUNPATH for a privileged pr |
|            |                         |                        |                       | ogram is apparently very uncommon; most likely, no such program is shi |
|            |                         |                        |                       |                pped with any common Linux distribution.                |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2017-15670    |   multiarch-support    |    2.24-11+deb9u3     | The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by- |
|            |                         |                        |                       | one error leading to a heap-based buffer overflow in the glob function |
|            |                         |                        |                       |  in glob.c, related to the processing of home directories using the ~  |
|            |                         |                        |                       |                  operator followed by a long string.                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2017-15671    |   multiarch-support    |    2.24-11+deb9u3     | The glob function in glob.c in the GNU C Library (aka glibc or libc6)  |
|            |                         |                        |                       | before 2.27, when invoked with GLOB_TILDE, could skip freeing allocate |
|            |                         |                        |                       | d memory when processing the ~ operator with a long user name, potenti |
|            |                         |                        |                       |           ally leading to a denial of service (memory leak).           |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2017-15804    |   multiarch-support    |    2.24-11+deb9u3     | The glob function in glob.c in the GNU C Library (aka glibc or libc6)  |
|            |                         |                        |                       | before 2.27 contains a buffer overflow during unescaping of user names |
|            |                         |                        |                       |                          with the ~ operator.                          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2018-11236    |   multiarch-support    |    2.24-11+deb9u3     | stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 a |
|            |                         |                        |                       | nd earlier, when processing very long pathname arguments to the realpa |
|            |                         |                        |                       | th function, could encounter an integer overflow on 32-bit architectur |
|            |                         |                        |                       | es, leading to a stack-based buffer overflow and, potentially, arbitra |
|            |                         |                        |                       |                           ry code execution.                           |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2018-11237    |   multiarch-support    |    2.24-11+deb9u3     | An AVX-512-optimized implementation of the mempcpy function in the GNU |
|            |                         |                        |                       |  C Library (aka glibc or libc6) 2.27 and earlier may write data beyond |
|            |                         |                        |                       |  the target buffer, leading to a buffer overflow in __mempcpy_avx512_n |
|            |                         |                        |                       |                             o_vzeroupper.                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2022-29458   |      ncurses-base      | 6.0+20161126-1+deb9u2 | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmen |
|            |                         |                        |                       | tation violation in convert_strings in tinfo/read_entry.c in the termi |
|            |                         |                        |                       |                              nfo library.                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2018-19211    |      ncurses-base      | 6.0+20161126-1+deb9u2 | In ncurses 6.1, there is a NULL pointer dereference at function _nc_pa |
|            |                         |                        |                       | rse_entry in parse_entry.c that will lead to a denial of service attac |
|            |                         |                        |                       | k. The product proceeds to the dereference code path even after a "dub |
|            |                         |                        |                       |         ious character `*' in name or alias field" detection.          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2019-17594    |      ncurses-base      | 6.0+20161126-1+deb9u2 | There is a heap-based buffer over-read in the _nc_find_entry function  |
|            |                         |                        |                       | in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-201 |
|            |                         |                        |                       |                                 91012.                                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2019-17595    |      ncurses-base      | 6.0+20161126-1+deb9u2 | There is a heap-based buffer over-read in the fmt_entry function in ti |
|            |                         |                        |                       | nfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012 |
|            |                         |                        |                       |                                   .                                    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2022-29458   |      ncurses-bin       | 6.0+20161126-1+deb9u2 | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmen |
|            |                         |                        |                       | tation violation in convert_strings in tinfo/read_entry.c in the termi |
|            |                         |                        |                       |                              nfo library.                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2018-19211    |      ncurses-bin       | 6.0+20161126-1+deb9u2 | In ncurses 6.1, there is a NULL pointer dereference at function _nc_pa |
|            |                         |                        |                       | rse_entry in parse_entry.c that will lead to a denial of service attac |
|            |                         |                        |                       | k. The product proceeds to the dereference code path even after a "dub |
|            |                         |                        |                       |         ious character `*' in name or alias field" detection.          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2019-17594    |      ncurses-bin       | 6.0+20161126-1+deb9u2 | There is a heap-based buffer over-read in the _nc_find_entry function  |
|            |                         |                        |                       | in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-201 |
|            |                         |                        |                       |                                 91012.                                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2019-17595    |      ncurses-bin       | 6.0+20161126-1+deb9u2 | There is a heap-based buffer over-read in the fmt_entry function in ti |
|            |                         |                        |                       | nfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012 |
|            |                         |                        |                       |                                   .                                    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2018-3183  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded, JRockit component of O |
|            |                         |                        |                       | racle Java SE (subcomponent: Scripting). Supported versions that are a |
|            |                         |                        |                       | ffected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R |
|            |                         |                        |                       | 28.3.19. Difficult to exploit vulnerability allows unauthenticated att |
|            |                         |                        |                       | acker with network access via multiple protocols to compromise Java SE |
|            |                         |                        |                       | , Java SE Embedded, JRockit. While the vulnerability is in Java SE, Ja |
|            |                         |                        |                       | va SE Embedded, JRockit, attacks may significantly impact additional p |
|            |                         |                        |                       | roducts. Successful attacks of this vulnerability can result in takeov |
|            |                         |                        |                       | er of Java SE, Java SE Embedded, JRockit. Note: This vulnerability app |
|            |                         |                        |                       | lies to Java deployments, typically in clients running sandboxed Java  |
|            |                         |                        |                       | Web Start applications or sandboxed Java applets (in Java SE 8), that  |
|            |                         |                        |                       | load and run untrusted code (e.g. code that comes from the internet) a |
|            |                         |                        |                       | nd rely on the Java sandbox for security. This vulnerability can also  |
|            |                         |                        |                       | be exploited by using APIs in the specified Component, e.g. through a  |
|            |                         |                        |                       | web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 ( |
|            |                         |                        |                       | Confidentiality, Integrity and Availability impacts). CVSS Vector: (CV |
|            |                         |                        |                       |              SS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-3149    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded, JRockit component of O |
|            |                         |                        |                       | racle Java SE (subcomponent: JNDI). Supported versions that are affect |
|            |                         |                        |                       | ed are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; J |
|            |                         |                        |                       | Rockit: R28.3.19. Difficult to exploit vulnerability allows unauthenti |
|            |                         |                        |                       | cated attacker with network access via multiple protocols to compromis |
|            |                         |                        |                       | e Java SE, Java SE Embedded, JRockit. Successful attacks require human |
|            |                         |                        |                       |  interaction from a person other than the attacker and while the vulne |
|            |                         |                        |                       | rability is in Java SE, Java SE Embedded, JRockit, attacks may signifi |
|            |                         |                        |                       | cantly impact additional products. Successful attacks of this vulnerab |
|            |                         |                        |                       | ility can result in takeover of Java SE, Java SE Embedded, JRockit. No |
|            |                         |                        |                       | te: This vulnerability applies to Java deployments, typically in clien |
|            |                         |                        |                       | ts running sandboxed Java Web Start applications or sandboxed Java app |
|            |                         |                        |                       | lets (in Java SE 8), that load and run untrusted code (e.g. code that  |
|            |                         |                        |                       | comes from the internet) and rely on the Java sandbox for security. Th |
|            |                         |                        |                       | is vulnerability can also be exploited by using APIs in the specified  |
|            |                         |                        |                       | Component, e.g. through a web service which supplies data to the APIs. |
|            |                         |                        |                       |  CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability  |
|            |                         |                        |                       | impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-3169    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav |
|            |                         |                        |                       | a SE (subcomponent: Hotspot). Supported versions that are affected are |
|            |                         |                        |                       |  Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to e |
|            |                         |                        |                       | xploit vulnerability allows unauthenticated attacker with network acce |
|            |                         |                        |                       | ss via multiple protocols to compromise Java SE, Java SE Embedded. Suc |
|            |                         |                        |                       | cessful attacks require human interaction from a person other than the |
|            |                         |                        |                       |  attacker and while the vulnerability is in Java SE, Java SE Embedded, |
|            |                         |                        |                       |  attacks may significantly impact additional products. Successful atta |
|            |                         |                        |                       | cks of this vulnerability can result in takeover of Java SE, Java SE E |
|            |                         |                        |                       | mbedded. Note: This vulnerability applies to Java deployments, typical |
|            |                         |                        |                       | ly in clients running sandboxed Java Web Start applications or sandbox |
|            |                         |                        |                       | ed Java applets (in Java SE 8), that load and run untrusted code (e.g. |
|            |                         |                        |                       |  code that comes from the internet) and rely on the Java sandbox for s |
|            |                         |                        |                       | ecurity. This vulnerability does not apply to Java deployments, typica |
|            |                         |                        |                       | lly in servers, that load and run only trusted code (e.g. code install |
|            |                         |                        |                       | ed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Int |
|            |                         |                        |                       | egrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR: |
|            |                         |                        |                       |                        N/UI:R/S:C/C:H/I:H/A:H).                        |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-2602    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav |
|            |                         |                        |                       | a SE (subcomponent: Libraries). Supported versions that are affected a |
|            |                         |                        |                       | re Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easi |
|            |                         |                        |                       | ly exploitable vulnerability allows unauthenticated attacker with netw |
|            |                         |                        |                       | ork access via multiple protocols to compromise Java SE, Java SE Embed |
|            |                         |                        |                       | ded. Successful attacks of this vulnerability can result in unauthoriz |
|            |                         |                        |                       | ed ability to cause a hang or frequently repeatable crash (complete DO |
|            |                         |                        |                       | S) of Java SE, Java SE Embedded. Note: This vulnerability can only be  |
|            |                         |                        |                       | exploited by supplying data to APIs in the specified Component without |
|            |                         |                        |                       |  using Untrusted Java Web Start applications or Untrusted Java applets |
|            |                         |                        |                       | , such as through a web service. CVSS 3.0 Base Score 7.5 (Availability |
|            |                         |                        |                       |  impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) |
|            |                         |                        |                       |                                   .                                    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-2698    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE component of Oracle Java SE (subcomponent |
|            |                         |                        |                       | : 2D). Supported versions that are affected are Java SE: 7u211 and 8u2 |
|            |                         |                        |                       | 02. Difficult to exploit vulnerability allows unauthenticated attacker |
|            |                         |                        |                       |  with network access via multiple protocols to compromise Java SE. Suc |
|            |                         |                        |                       | cessful attacks of this vulnerability can result in takeover of Java S |
|            |                         |                        |                       | E. Note: This vulnerability applies to Java deployments, typically in  |
|            |                         |                        |                       | clients running sandboxed Java Web Start applications or sandboxed Jav |
|            |                         |                        |                       | a applets (in Java SE 8), that load and run untrusted code (e.g., code |
|            |                         |                        |                       |  that comes from the internet) and rely on the Java sandbox for securi |
|            |                         |                        |                       | ty. This vulnerability does not apply to Java deployments, typically i |
|            |                         |                        |                       | n servers, that load and run only trusted code (e.g., code installed b |
|            |                         |                        |                       | y an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integri |
|            |                         |                        |                       | ty and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI |
|            |                         |                        |                       |                          :N/S:U/C:H/I:H/A:H).                          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-14583   | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Libraries). Supported versions that are affected are Ja |
|            |                         |                        |                       | va SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Diffi |
|            |                         |                        |                       | cult to exploit vulnerability allows unauthenticated attacker with net |
|            |                         |                        |                       | work access via multiple protocols to compromise Java SE, Java SE Embe |
|            |                         |                        |                       | dded. Successful attacks require human interaction from a person other |
|            |                         |                        |                       |  than the attacker and while the vulnerability is in Java SE, Java SE  |
|            |                         |                        |                       | Embedded, attacks may significantly impact additional products. Succes |
|            |                         |                        |                       | sful attacks of this vulnerability can result in takeover of Java SE,  |
|            |                         |                        |                       | Java SE Embedded. Note: This vulnerability applies to Java deployments |
|            |                         |                        |                       | , typically in clients running sandboxed Java Web Start applications o |
|            |                         |                        |                       | r sandboxed Java applets, that load and run untrusted code (e.g., code |
|            |                         |                        |                       |  that comes from the internet) and rely on the Java sandbox for securi |
|            |                         |                        |                       | ty. This vulnerability does not apply to Java deployments, typically i |
|            |                         |                        |                       | n servers, that load and run only trusted code (e.g., code installed b |
|            |                         |                        |                       | y an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integri |
|            |                         |                        |                       | ty and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI |
|            |                         |                        |                       |                          :R/S:C/C:H/I:H/A:H).                          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-14593   | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: 2D). Supported versions that are affected are Java SE:  |
|            |                         |                        |                       | 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily explo |
|            |                         |                        |                       | itable vulnerability allows unauthenticated attacker with network acce |
|            |                         |                        |                       | ss via multiple protocols to compromise Java SE, Java SE Embedded. Suc |
|            |                         |                        |                       | cessful attacks require human interaction from a person other than the |
|            |                         |                        |                       |  attacker and while the vulnerability is in Java SE, Java SE Embedded, |
|            |                         |                        |                       |  attacks may significantly impact additional products. Successful atta |
|            |                         |                        |                       | cks of this vulnerability can result in unauthorized creation, deletio |
|            |                         |                        |                       | n or modification access to critical data or all Java SE, Java SE Embe |
|            |                         |                        |                       | dded accessible data. Note: This vulnerability applies to Java deploym |
|            |                         |                        |                       | ents, typically in clients running sandboxed Java Web Start applicatio |
|            |                         |                        |                       | ns or sandboxed Java applets, that load and run untrusted code (e.g.,  |
|            |                         |                        |                       | code that comes from the internet) and rely on the Java sandbox for se |
|            |                         |                        |                       | curity. This vulnerability does not apply to Java deployments, typical |
|            |                         |                        |                       | ly in servers, that load and run only trusted code (e.g., code install |
|            |                         |                        |                       | ed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts).  |
|            |                         |                        |                       |      CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-2604    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Serialization). Supported versions that are affected ar |
|            |                         |                        |                       | e Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. D |
|            |                         |                        |                       | ifficult to exploit vulnerability allows unauthenticated attacker with |
|            |                         |                        |                       |  network access via multiple protocols to compromise Java SE, Java SE  |
|            |                         |                        |                       | Embedded. Successful attacks of this vulnerability can result in takeo |
|            |                         |                        |                       | ver of Java SE, Java SE Embedded. Note: This vulnerability applies to  |
|            |                         |                        |                       | Java deployments, typically in clients running sandboxed Java Web Star |
|            |                         |                        |                       | t applications or sandboxed Java applets (in Java SE 8), that load and |
|            |                         |                        |                       |  run untrusted code (e.g., code that comes from the internet) and rely |
|            |                         |                        |                       |  on the Java sandbox for security. This vulnerability can also be expl |
|            |                         |                        |                       | oited by using APIs in the specified Component, e.g., through a web se |
|            |                         |                        |                       | rvice which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confi |
|            |                         |                        |                       | dentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3. |
|            |                         |                        |                       |                0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-2803    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Libraries). Supported versions that are affected are Ja |
|            |                         |                        |                       | va SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult |
|            |                         |                        |                       |  to exploit vulnerability allows unauthenticated attacker with network |
|            |                         |                        |                       |  access via multiple protocols to compromise Java SE, Java SE Embedded |
|            |                         |                        |                       | . Successful attacks require human interaction from a person other tha |
|            |                         |                        |                       | n the attacker and while the vulnerability is in Java SE, Java SE Embe |
|            |                         |                        |                       | dded, attacks may significantly impact additional products. Successful |
|            |                         |                        |                       |  attacks of this vulnerability can result in takeover of Java SE, Java |
|            |                         |                        |                       |  SE Embedded. Note: This vulnerability applies to Java deployments, ty |
|            |                         |                        |                       | pically in clients running sandboxed Java Web Start applications or sa |
|            |                         |                        |                       | ndboxed Java applets, that load and run untrusted code (e.g., code tha |
|            |                         |                        |                       | t comes from the internet) and rely on the Java sandbox for security.  |
|            |                         |                        |                       | This vulnerability does not apply to Java deployments, typically in se |
|            |                         |                        |                       | rvers, that load and run only trusted code (e.g., code installed by an |
|            |                         |                        |                       |  administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity a |
|            |                         |                        |                       | nd Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S |
|            |                         |                        |                       |                            :C/C:H/I:H/A:H).                            |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-2805    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Libraries). Supported versions that are affected are Ja |
|            |                         |                        |                       | va SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult |
|            |                         |                        |                       |  to exploit vulnerability allows unauthenticated attacker with network |
|            |                         |                        |                       |  access via multiple protocols to compromise Java SE, Java SE Embedded |
|            |                         |                        |                       | . Successful attacks require human interaction from a person other tha |
|            |                         |                        |                       | n the attacker and while the vulnerability is in Java SE, Java SE Embe |
|            |                         |                        |                       | dded, attacks may significantly impact additional products. Successful |
|            |                         |                        |                       |  attacks of this vulnerability can result in takeover of Java SE, Java |
|            |                         |                        |                       |  SE Embedded. Note: This vulnerability applies to Java deployments, ty |
|            |                         |                        |                       | pically in clients running sandboxed Java Web Start applications or sa |
|            |                         |                        |                       | ndboxed Java applets, that load and run untrusted code (e.g., code tha |
|            |                         |                        |                       | t comes from the internet) and rely on the Java sandbox for security.  |
|            |                         |                        |                       | This vulnerability does not apply to Java deployments, typically in se |
|            |                         |                        |                       | rvers, that load and run only trusted code (e.g., code installed by an |
|            |                         |                        |                       |  administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity a |
|            |                         |                        |                       | nd Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S |
|            |                         |                        |                       |                            :C/C:H/I:H/A:H).                            |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-3180   | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded, JRockit component of O |
|            |                         |                        |                       | racle Java SE (subcomponent: JSSE). Supported versions that are affect |
|            |                         |                        |                       | ed are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; J |
|            |                         |                        |                       | Rockit: R28.3.19. Difficult to exploit vulnerability allows unauthenti |
|            |                         |                        |                       | cated attacker with network access via SSL/TLS to compromise Java SE,  |
|            |                         |                        |                       | Java SE Embedded, JRockit. Successful attacks of this vulnerability ca |
|            |                         |                        |                       | n result in unauthorized update, insert or delete access to some of Ja |
|            |                         |                        |                       | va SE, Java SE Embedded, JRockit accessible data as well as unauthoriz |
|            |                         |                        |                       | ed read access to a subset of Java SE, Java SE Embedded, JRockit acces |
|            |                         |                        |                       | sible data and unauthorized ability to cause a partial denial of servi |
|            |                         |                        |                       | ce (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vul |
|            |                         |                        |                       | nerability applies to Java deployments, typically in clients running s |
|            |                         |                        |                       | andboxed Java Web Start applications or sandboxed Java applets (in Jav |
|            |                         |                        |                       | a SE 8), that load and run untrusted code (e.g. code that comes from t |
|            |                         |                        |                       | he internet) and rely on the Java sandbox for security. This vulnerabi |
|            |                         |                        |                       | lity can also be exploited by using APIs in the specified Component, e |
|            |                         |                        |                       | .g. through a web service which supplies data to the APIs. CVSS 3.0 Ba |
|            |                         |                        |                       | se Score 5.6 (Confidentiality, Integrity and Availability impacts). CV |
|            |                         |                        |                       |       SS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).       |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-3214   | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded, JRockit component of O |
|            |                         |                        |                       | racle Java SE (subcomponent: Sound). Supported versions that are affec |
|            |                         |                        |                       | ted are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRoc |
|            |                         |                        |                       | kit: R28.3.19. Easily exploitable vulnerability allows unauthenticated |
|            |                         |                        |                       |  attacker with network access via multiple protocols to compromise Jav |
|            |                         |                        |                       | a SE, Java SE Embedded, JRockit. Successful attacks of this vulnerabil |
|            |                         |                        |                       | ity can result in unauthorized ability to cause a partial denial of se |
|            |                         |                        |                       | rvice (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This  |
|            |                         |                        |                       | vulnerability applies to Java deployments, typically in clients runnin |
|            |                         |                        |                       | g sandboxed Java Web Start applications or sandboxed Java applets (in  |
|            |                         |                        |                       | Java SE 8), that load and run untrusted code (e.g., code that comes fr |
|            |                         |                        |                       | om the internet) and rely on the Java sandbox for security. This vulne |
|            |                         |                        |                       | rability can also be exploited by using APIs in the specified Componen |
|            |                         |                        |                       | t, e.g. through a web service which supplies data to the APIs. CVSS 3. |
|            |                         |                        |                       | 0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/A |
|            |                         |                        |                       |                    C:L/PR:N/UI:N/S:U/C:N/I:N/A:L).                     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-2684   | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav |
|            |                         |                        |                       | a SE (subcomponent: RMI). Supported versions that are affected are Jav |
|            |                         |                        |                       | a SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult  |
|            |                         |                        |                       | to exploit vulnerability allows unauthenticated attacker with network  |
|            |                         |                        |                       | access via multiple protocols to compromise Java SE, Java SE Embedded. |
|            |                         |                        |                       |  Successful attacks of this vulnerability can result in unauthorized c |
|            |                         |                        |                       | reation, deletion or modification access to critical data or all Java  |
|            |                         |                        |                       | SE, Java SE Embedded accessible data. Note: This vulnerability applies |
|            |                         |                        |                       |  to Java deployments, typically in clients running sandboxed Java Web  |
|            |                         |                        |                       | Start applications or sandboxed Java applets (in Java SE 8), that load |
|            |                         |                        |                       |  and run untrusted code (e.g., code that comes from the internet) and  |
|            |                         |                        |                       | rely on the Java sandbox for security. This vulnerability can also be  |
|            |                         |                        |                       | exploited by using APIs in the specified Component, e.g., through a we |
|            |                         |                        |                       | b service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (In |
|            |                         |                        |                       | tegrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I |
|            |                         |                        |                       |                                :H/A:N).                                |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-2745   | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE component of Oracle Java SE (subcomponent |
|            |                         |                        |                       | : Security). Supported versions that are affected are Java SE: 7u221,  |
|            |                         |                        |                       | 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenti |
|            |                         |                        |                       | cated attacker with logon to the infrastructure where Java SE executes |
|            |                         |                        |                       |  to compromise Java SE. Successful attacks of this vulnerability can r |
|            |                         |                        |                       | esult in unauthorized access to critical data or complete access to al |
|            |                         |                        |                       | l Java SE accessible data. Note: This vulnerability applies to Java de |
|            |                         |                        |                       | ployments, typically in clients running sandboxed Java Web Start appli |
|            |                         |                        |                       | cations or sandboxed Java applets (in Java SE 8), that load and run un |
|            |                         |                        |                       | trusted code (e.g., code that comes from the internet) and rely on the |
|            |                         |                        |                       |  Java sandbox for security. This vulnerability can also be exploited b |
|            |                         |                        |                       | y using APIs in the specified Component, e.g., through a web service w |
|            |                         |                        |                       | hich supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiali |
|            |                         |                        |                       | ty impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A: |
|            |                         |                        |                       |                                  N).                                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-2762   | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav |
|            |                         |                        |                       | a SE (subcomponent: Utilities). Supported versions that are affected a |
|            |                         |                        |                       | re Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211.  |
|            |                         |                        |                       | Easily exploitable vulnerability allows unauthenticated attacker with  |
|            |                         |                        |                       | network access via multiple protocols to compromise Java SE, Java SE E |
|            |                         |                        |                       | mbedded. Successful attacks of this vulnerability can result in unauth |
|            |                         |                        |                       | orized ability to cause a partial denial of service (partial DOS) of J |
|            |                         |                        |                       | ava SE, Java SE Embedded. Note: This vulnerability applies to Java dep |
|            |                         |                        |                       | loyments, typically in clients running sandboxed Java Web Start applic |
|            |                         |                        |                       | ations or sandboxed Java applets (in Java SE 8), that load and run unt |
|            |                         |                        |                       | rusted code (e.g., code that comes from the internet) and rely on the  |
|            |                         |                        |                       | Java sandbox for security. This vulnerability can also be exploited by |
|            |                         |                        |                       |  using APIs in the specified Component, e.g., through a web service wh |
|            |                         |                        |                       | ich supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability i |
|            |                         |                        |                       | mpacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-2769   | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav |
|            |                         |                        |                       | a SE (subcomponent: Utilities). Supported versions that are affected a |
|            |                         |                        |                       | re Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211.  |
|            |                         |                        |                       | Easily exploitable vulnerability allows unauthenticated attacker with  |
|            |                         |                        |                       | network access via multiple protocols to compromise Java SE, Java SE E |
|            |                         |                        |                       | mbedded. Successful attacks of this vulnerability can result in unauth |
|            |                         |                        |                       | orized ability to cause a partial denial of service (partial DOS) of J |
|            |                         |                        |                       | ava SE, Java SE Embedded. Note: This vulnerability applies to Java dep |
|            |                         |                        |                       | loyments, typically in clients running sandboxed Java Web Start applic |
|            |                         |                        |                       | ations or sandboxed Java applets (in Java SE 8), that load and run unt |
|            |                         |                        |                       | rusted code (e.g., code that comes from the internet) and rely on the  |
|            |                         |                        |                       | Java sandbox for security. This vulnerability can also be exploited by |
|            |                         |                        |                       |  using APIs in the specified Component, e.g., through a web service wh |
|            |                         |                        |                       | ich supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability i |
|            |                         |                        |                       | mpacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-2816   | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav |
|            |                         |                        |                       | a SE (subcomponent: Networking). Supported versions that are affected  |
|            |                         |                        |                       | are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. |
|            |                         |                        |                       |  Difficult to exploit vulnerability allows unauthenticated attacker wi |
|            |                         |                        |                       | th network access via multiple protocols to compromise Java SE, Java S |
|            |                         |                        |                       | E Embedded. Successful attacks of this vulnerability can result in una |
|            |                         |                        |                       | uthorized update, insert or delete access to some of Java SE, Java SE  |
|            |                         |                        |                       | Embedded accessible data as well as unauthorized read access to a subs |
|            |                         |                        |                       | et of Java SE, Java SE Embedded accessible data. Note: This vulnerabil |
|            |                         |                        |                       | ity applies to Java deployments, typically in clients running sandboxe |
|            |                         |                        |                       | d Java Web Start applications or sandboxed Java applets (in Java SE 8) |
|            |                         |                        |                       | , that load and run untrusted code (e.g., code that comes from the int |
|            |                         |                        |                       | ernet) and rely on the Java sandbox for security. This vulnerability c |
|            |                         |                        |                       | an also be exploited by using APIs in the specified Component, e.g., t |
|            |                         |                        |                       | hrough a web service which supplies data to the APIs. CVSS 3.0 Base Sc |
|            |                         |                        |                       | ore 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3. |
|            |                         |                        |                       |                0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-2949   | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Kerberos). Supported versions that are affected are Jav |
|            |                         |                        |                       | a SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult  |
|            |                         |                        |                       | to exploit vulnerability allows unauthenticated attacker with network  |
|            |                         |                        |                       | access via Kerberos to compromise Java SE, Java SE Embedded. While the |
|            |                         |                        |                       |  vulnerability is in Java SE, Java SE Embedded, attacks may significan |
|            |                         |                        |                       | tly impact additional products. Successful attacks of this vulnerabili |
|            |                         |                        |                       | ty can result in unauthorized access to critical data or complete acce |
|            |                         |                        |                       | ss to all Java SE, Java SE Embedded accessible data. Note: This vulner |
|            |                         |                        |                       | ability applies to Java deployments, typically in clients running sand |
|            |                         |                        |                       | boxed Java Web Start applications or sandboxed Java applets (in Java S |
|            |                         |                        |                       | E 8), that load and run untrusted code (e.g., code that comes from the |
|            |                         |                        |                       |  internet) and rely on the Java sandbox for security. This vulnerabili |
|            |                         |                        |                       | ty can also be exploited by using APIs in the specified Component, e.g |
|            |                         |                        |                       | ., through a web service which supplies data to the APIs. CVSS 3.0 Bas |
|            |                         |                        |                       | e Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC: |
|            |                         |                        |                       |                     H/PR:N/UI:N/S:C/C:H/I:N/A:N).                      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-2975   | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Scripting). Supported versions that are affected are Ja |
|            |                         |                        |                       | va SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exp |
|            |                         |                        |                       | loit vulnerability allows unauthenticated attacker with network access |
|            |                         |                        |                       |  via multiple protocols to compromise Java SE, Java SE Embedded. Succe |
|            |                         |                        |                       | ssful attacks of this vulnerability can result in unauthorized update, |
|            |                         |                        |                       |  insert or delete access to some of Java SE, Java SE Embedded accessib |
|            |                         |                        |                       | le data and unauthorized ability to cause a partial denial of service  |
|            |                         |                        |                       | (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability a |
|            |                         |                        |                       | pplies to Java deployments, typically in clients running sandboxed Jav |
|            |                         |                        |                       | a Web Start applications or sandboxed Java applets (in Java SE 8), tha |
|            |                         |                        |                       | t load and run untrusted code (e.g., code that comes from the internet |
|            |                         |                        |                       | ) and rely on the Java sandbox for security. This vulnerability can al |
|            |                         |                        |                       | so be exploited by using APIs in the specified Component, e.g., throug |
|            |                         |                        |                       | h a web service which supplies data to the APIs. CVSS 3.0 Base Score 4 |
|            |                         |                        |                       | .8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/A |
|            |                         |                        |                       |                    C:H/PR:N/UI:N/S:U/C:N/I:L/A:L).                     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-2989   | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Networking). Supported versions that are affected are J |
|            |                         |                        |                       | ava SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficul |
|            |                         |                        |                       | t to exploit vulnerability allows unauthenticated attacker with networ |
|            |                         |                        |                       | k access via multiple protocols to compromise Java SE, Java SE Embedde |
|            |                         |                        |                       | d. While the vulnerability is in Java SE, Java SE Embedded, attacks ma |
|            |                         |                        |                       | y significantly impact additional products. Successful attacks of this |
|            |                         |                        |                       |  vulnerability can result in unauthorized creation, deletion or modifi |
|            |                         |                        |                       | cation access to critical data or all Java SE, Java SE Embedded access |
|            |                         |                        |                       | ible data. Note: This vulnerability applies to Java deployments, typic |
|            |                         |                        |                       | ally in clients running sandboxed Java Web Start applications or sandb |
|            |                         |                        |                       | oxed Java applets (in Java SE 8), that load and run untrusted code (e. |
|            |                         |                        |                       | g., code that comes from the internet) and rely on the Java sandbox fo |
|            |                         |                        |                       | r security. This vulnerability can also be exploited by using APIs in  |
|            |                         |                        |                       | the specified Component, e.g., through a web service which supplies da |
|            |                         |                        |                       | ta to the APIs. CVSS v3.0 Base Score 6.8 (Integrity impacts). CVSS Vec |
|            |                         |                        |                       |          tor: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N).          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-2999   | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE product of Oracle Java SE (component: Jav |
|            |                         |                        |                       | adoc). Supported versions that are affected are Java SE: 7u231, 8u221, |
|            |                         |                        |                       |  11.0.4 and 13. Difficult to exploit vulnerability allows unauthentica |
|            |                         |                        |                       | ted attacker with network access via multiple protocols to compromise  |
|            |                         |                        |                       | Java SE. Successful attacks require human interaction from a person ot |
|            |                         |                        |                       | her than the attacker and while the vulnerability is in Java SE, attac |
|            |                         |                        |                       | ks may significantly impact additional products. Successful attacks of |
|            |                         |                        |                       |  this vulnerability can result in unauthorized update, insert or delet |
|            |                         |                        |                       | e access to some of Java SE accessible data as well as unauthorized re |
|            |                         |                        |                       | ad access to a subset of Java SE accessible data. Note: This vulnerabi |
|            |                         |                        |                       | lity applies to Java deployments, typically in clients running sandbox |
|            |                         |                        |                       | ed Java Web Start applications or sandboxed Java applets (in Java SE 8 |
|            |                         |                        |                       | ), that load and run untrusted code (e.g., code that comes from the in |
|            |                         |                        |                       | ternet) and rely on the Java sandbox for security. This vulnerability  |
|            |                         |                        |                       | does not apply to Java deployments, typically in servers, that load an |
|            |                         |                        |                       | d run only trusted code (e.g., code installed by an administrator). CV |
|            |                         |                        |                       | SS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Ve |
|            |                         |                        |                       |         ctor: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-14556  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Libraries). Supported versions that are affected are Ja |
|            |                         |                        |                       | va SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to |
|            |                         |                        |                       |  exploit vulnerability allows unauthenticated attacker with network ac |
|            |                         |                        |                       | cess via multiple protocols to compromise Java SE, Java SE Embedded. S |
|            |                         |                        |                       | uccessful attacks of this vulnerability can result in unauthorized upd |
|            |                         |                        |                       | ate, insert or delete access to some of Java SE, Java SE Embedded acce |
|            |                         |                        |                       | ssible data as well as unauthorized read access to a subset of Java SE |
|            |                         |                        |                       | , Java SE Embedded accessible data. Note: Applies to client and server |
|            |                         |                        |                       |  deployment of Java. This vulnerability can be exploited through sandb |
|            |                         |                        |                       | oxed Java Web Start applications and sandboxed Java applets. It can al |
|            |                         |                        |                       | so be exploited by supplying data to APIs in the specified Component w |
|            |                         |                        |                       | ithout using sandboxed Java Web Start applications or sandboxed Java a |
|            |                         |                        |                       | pplets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confid |
|            |                         |                        |                       | entiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR: |
|            |                         |                        |                       |                        N/UI:N/S:U/C:L/I:L/A:N).                        |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-14621  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: JAXP). Supported versions that are affected are Java SE |
|            |                         |                        |                       | : 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exp |
|            |                         |                        |                       | loitable vulnerability allows unauthenticated attacker with network ac |
|            |                         |                        |                       | cess via multiple protocols to compromise Java SE, Java SE Embedded. S |
|            |                         |                        |                       | uccessful attacks of this vulnerability can result in unauthorized upd |
|            |                         |                        |                       | ate, insert or delete access to some of Java SE, Java SE Embedded acce |
|            |                         |                        |                       | ssible data. Note: This vulnerability can only be exploited by supplyi |
|            |                         |                        |                       | ng data to APIs in the specified Component without using Untrusted Jav |
|            |                         |                        |                       | a Web Start applications or Untrusted Java applets, such as through a  |
|            |                         |                        |                       | web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: |
|            |                         |                        |                       |             (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).            |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-14779  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Serialization). Supported versions that are affected ar |
|            |                         |                        |                       | e Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Diffi |
|            |                         |                        |                       | cult to exploit vulnerability allows unauthenticated attacker with net |
|            |                         |                        |                       | work access via multiple protocols to compromise Java SE, Java SE Embe |
|            |                         |                        |                       | dded. Successful attacks of this vulnerability can result in unauthori |
|            |                         |                        |                       | zed ability to cause a partial denial of service (partial DOS) of Java |
|            |                         |                        |                       |  SE, Java SE Embedded. Note: Applies to client and server deployment o |
|            |                         |                        |                       | f Java. This vulnerability can be exploited through sandboxed Java Web |
|            |                         |                        |                       |  Start applications and sandboxed Java applets. It can also be exploit |
|            |                         |                        |                       | ed by supplying data to APIs in the specified Component without using  |
|            |                         |                        |                       | sandboxed Java Web Start applications or sandboxed Java applets, such  |
|            |                         |                        |                       | as through a web service. CVSS 3.1 Base Score 3.7 (Availability impact |
|            |                         |                        |                       |    s). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-14781  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: JNDI). Supported versions that are affected are Java SE |
|            |                         |                        |                       | : 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to e |
|            |                         |                        |                       | xploit vulnerability allows unauthenticated attacker with network acce |
|            |                         |                        |                       | ss via multiple protocols to compromise Java SE, Java SE Embedded. Suc |
|            |                         |                        |                       | cessful attacks of this vulnerability can result in unauthorized read  |
|            |                         |                        |                       | access to a subset of Java SE, Java SE Embedded accessible data. Note: |
|            |                         |                        |                       |  Applies to client and server deployment of Java. This vulnerability c |
|            |                         |                        |                       | an be exploited through sandboxed Java Web Start applications and sand |
|            |                         |                        |                       | boxed Java applets. It can also be exploited by supplying data to APIs |
|            |                         |                        |                       |  in the specified Component without using sandboxed Java Web Start app |
|            |                         |                        |                       | lications or sandboxed Java applets, such as through a web service. CV |
|            |                         |                        |                       | SS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3. |
|            |                         |                        |                       |                1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-14782  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Libraries). Supported versions that are affected are Ja |
|            |                         |                        |                       | va SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult |
|            |                         |                        |                       |  to exploit vulnerability allows unauthenticated attacker with network |
|            |                         |                        |                       |  access via multiple protocols to compromise Java SE, Java SE Embedded |
|            |                         |                        |                       | . Successful attacks of this vulnerability can result in unauthorized  |
|            |                         |                        |                       | update, insert or delete access to some of Java SE, Java SE Embedded a |
|            |                         |                        |                       | ccessible data. Note: Applies to client and server deployment of Java. |
|            |                         |                        |                       |  This vulnerability can be exploited through sandboxed Java Web Start  |
|            |                         |                        |                       | applications and sandboxed Java applets. It can also be exploited by s |
|            |                         |                        |                       | upplying data to APIs in the specified Component without using sandbox |
|            |                         |                        |                       | ed Java Web Start applications or sandboxed Java applets, such as thro |
|            |                         |                        |                       | ugh a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS V |
|            |                         |                        |                       |         ector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-14792  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Hotspot). Supported versions that are affected are Java |
|            |                         |                        |                       |  SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult t |
|            |                         |                        |                       | o exploit vulnerability allows unauthenticated attacker with network a |
|            |                         |                        |                       | ccess via multiple protocols to compromise Java SE, Java SE Embedded.  |
|            |                         |                        |                       | Successful attacks require human interaction from a person other than  |
|            |                         |                        |                       | the attacker. Successful attacks of this vulnerability can result in u |
|            |                         |                        |                       | nauthorized update, insert or delete access to some of Java SE, Java S |
|            |                         |                        |                       | E Embedded accessible data as well as unauthorized read access to a su |
|            |                         |                        |                       | bset of Java SE, Java SE Embedded accessible data. Note: Applies to cl |
|            |                         |                        |                       | ient and server deployment of Java. This vulnerability can be exploite |
|            |                         |                        |                       | d through sandboxed Java Web Start applications and sandboxed Java app |
|            |                         |                        |                       | lets. It can also be exploited by supplying data to APIs in the specif |
|            |                         |                        |                       | ied Component without using sandboxed Java Web Start applications or s |
|            |                         |                        |                       | andboxed Java applets, such as through a web service. CVSS 3.1 Base Sc |
|            |                         |                        |                       | ore 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3. |
|            |                         |                        |                       |                1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-14797  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Libraries). Supported versions that are affected are Ja |
|            |                         |                        |                       | va SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult |
|            |                         |                        |                       |  to exploit vulnerability allows unauthenticated attacker with network |
|            |                         |                        |                       |  access via multiple protocols to compromise Java SE, Java SE Embedded |
|            |                         |                        |                       | . Successful attacks of this vulnerability can result in unauthorized  |
|            |                         |                        |                       | update, insert or delete access to some of Java SE, Java SE Embedded a |
|            |                         |                        |                       | ccessible data. Note: Applies to client and server deployment of Java. |
|            |                         |                        |                       |  This vulnerability can be exploited through sandboxed Java Web Start  |
|            |                         |                        |                       | applications and sandboxed Java applets. It can also be exploited by s |
|            |                         |                        |                       | upplying data to APIs in the specified Component without using sandbox |
|            |                         |                        |                       | ed Java Web Start applications or sandboxed Java applets, such as thro |
|            |                         |                        |                       | ugh a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS V |
|            |                         |                        |                       |         ector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-14803  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE product of Oracle Java SE (component: Lib |
|            |                         |                        |                       | raries). Supported versions that are affected are Java SE: 11.0.8 and  |
|            |                         |                        |                       | 15. Easily exploitable vulnerability allows unauthenticated attacker w |
|            |                         |                        |                       | ith network access via multiple protocols to compromise Java SE. Succe |
|            |                         |                        |                       | ssful attacks of this vulnerability can result in unauthorized read ac |
|            |                         |                        |                       | cess to a subset of Java SE accessible data. Note: This vulnerability  |
|            |                         |                        |                       | applies to Java deployments, typically in clients running sandboxed Ja |
|            |                         |                        |                       | va Web Start applications or sandboxed Java applets, that load and run |
|            |                         |                        |                       |  untrusted code (e.g., code that comes from the internet) and rely on  |
|            |                         |                        |                       | the Java sandbox for security. This vulnerability does not apply to Ja |
|            |                         |                        |                       | va deployments, typically in servers, that load and run only trusted c |
|            |                         |                        |                       | ode (e.g., code installed by an administrator). CVSS 3.1 Base Score 5. |
|            |                         |                        |                       | 3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI: |
|            |                         |                        |                       |                          N/S:U/C:L/I:N/A:N).                           |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-2593   | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Networking). Supported versions that are affected are J |
|            |                         |                        |                       | ava SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Diff |
|            |                         |                        |                       | icult to exploit vulnerability allows unauthenticated attacker with ne |
|            |                         |                        |                       | twork access via multiple protocols to compromise Java SE, Java SE Emb |
|            |                         |                        |                       | edded. Successful attacks of this vulnerability can result in unauthor |
|            |                         |                        |                       | ized update, insert or delete access to some of Java SE, Java SE Embed |
|            |                         |                        |                       | ded accessible data as well as unauthorized read access to a subset of |
|            |                         |                        |                       |  Java SE, Java SE Embedded accessible data. Note: This vulnerability a |
|            |                         |                        |                       | pplies to Java deployments, typically in clients running sandboxed Jav |
|            |                         |                        |                       | a Web Start applications or sandboxed Java applets (in Java SE 8), tha |
|            |                         |                        |                       | t load and run untrusted code (e.g., code that comes from the internet |
|            |                         |                        |                       | ) and rely on the Java sandbox for security. This vulnerability can al |
|            |                         |                        |                       | so be exploited by using APIs in the specified Component, e.g., throug |
|            |                         |                        |                       | h a web service which supplies data to the APIs. CVSS 3.0 Base Score 4 |
|            |                         |                        |                       | .8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV: |
|            |                         |                        |                       |                   N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-2601   | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Security). Supported versions that are affected are Jav |
|            |                         |                        |                       | a SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Diffic |
|            |                         |                        |                       | ult to exploit vulnerability allows unauthenticated attacker with netw |
|            |                         |                        |                       | ork access via Kerberos to compromise Java SE, Java SE Embedded. While |
|            |                         |                        |                       |  the vulnerability is in Java SE, Java SE Embedded, attacks may signif |
|            |                         |                        |                       | icantly impact additional products. Successful attacks of this vulnera |
|            |                         |                        |                       | bility can result in unauthorized access to critical data or complete  |
|            |                         |                        |                       | access to all Java SE, Java SE Embedded accessible data. Note: This vu |
|            |                         |                        |                       | lnerability applies to Java deployments, typically in clients running  |
|            |                         |                        |                       | sandboxed Java Web Start applications or sandboxed Java applets (in Ja |
|            |                         |                        |                       | va SE 8), that load and run untrusted code (e.g., code that comes from |
|            |                         |                        |                       |  the internet) and rely on the Java sandbox for security. This vulnera |
|            |                         |                        |                       | bility can also be exploited by using APIs in the specified Component, |
|            |                         |                        |                       |  e.g., through a web service which supplies data to the APIs. CVSS 3.0 |
|            |                         |                        |                       |  Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N |
|            |                         |                        |                       |                   /AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).                    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-2781   | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: JSSE). Supported versions that are affected are Java SE |
|            |                         |                        |                       | : 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploit |
|            |                         |                        |                       | able vulnerability allows unauthenticated attacker with network access |
|            |                         |                        |                       |  via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks |
|            |                         |                        |                       |  of this vulnerability can result in unauthorized ability to cause a p |
|            |                         |                        |                       | artial denial of service (partial DOS) of Java SE, Java SE Embedded. N |
|            |                         |                        |                       | ote: Applies to client and server deployment of Java. This vulnerabili |
|            |                         |                        |                       | ty can be exploited through sandboxed Java Web Start applications and  |
|            |                         |                        |                       | sandboxed Java applets. It can also be exploited by supplying data to  |
|            |                         |                        |                       | APIs in the specified Component without using sandboxed Java Web Start |
|            |                         |                        |                       |  applications or sandboxed Java applets, such as through a web service |
|            |                         |                        |                       | . CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3 |
|            |                         |                        |                       |                .0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).                |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-2800   | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Lightweight HTTP Server). Supported versions that are a |
|            |                         |                        |                       | ffected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u |
|            |                         |                        |                       | 241. Difficult to exploit vulnerability allows unauthenticated attacke |
|            |                         |                        |                       | r with network access via multiple protocols to compromise Java SE, Ja |
|            |                         |                        |                       | va SE Embedded. Successful attacks of this vulnerability can result in |
|            |                         |                        |                       |  unauthorized update, insert or delete access to some of Java SE, Java |
|            |                         |                        |                       |  SE Embedded accessible data as well as unauthorized read access to a  |
|            |                         |                        |                       | subset of Java SE, Java SE Embedded accessible data. Note: This vulner |
|            |                         |                        |                       | ability can only be exploited by supplying data to APIs in the specifi |
|            |                         |                        |                       | ed Component without using Untrusted Java Web Start applications or Un |
|            |                         |                        |                       | trusted Java applets, such as through a web service. CVSS 3.0 Base Sco |
|            |                         |                        |                       | re 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0 |
|            |                         |                        |                       |                 /AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-2830   | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Concurrency). Supported versions that are affected are  |
|            |                         |                        |                       | Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily  |
|            |                         |                        |                       | exploitable vulnerability allows unauthenticated attacker with network |
|            |                         |                        |                       |  access via multiple protocols to compromise Java SE, Java SE Embedded |
|            |                         |                        |                       | . Successful attacks of this vulnerability can result in unauthorized  |
|            |                         |                        |                       | ability to cause a partial denial of service (partial DOS) of Java SE, |
|            |                         |                        |                       |  Java SE Embedded. Note: Applies to client and server deployment of Ja |
|            |                         |                        |                       | va. This vulnerability can be exploited through sandboxed Java Web Sta |
|            |                         |                        |                       | rt applications and sandboxed Java applets. It can also be exploited b |
|            |                         |                        |                       | y supplying data to APIs in the specified Component without using sand |
|            |                         |                        |                       | boxed Java Web Start applications or sandboxed Java applets, such as t |
|            |                         |                        |                       | hrough a web service. CVSS 3.0 Base Score 5.3 (Availability impacts).  |
|            |                         |                        |                       |      CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-2341   | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc |
|            |                         |                        |                       | t of Oracle Java SE (component: Networking). Supported versions that a |
|            |                         |                        |                       | re affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM |
|            |                         |                        |                       |  Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerabi |
|            |                         |                        |                       | lity allows unauthenticated attacker with network access via multiple  |
|            |                         |                        |                       | protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Su |
|            |                         |                        |                       | ccessful attacks require human interaction from a person other than th |
|            |                         |                        |                       | e attacker. Successful attacks of this vulnerability can result in una |
|            |                         |                        |                       | uthorized read access to a subset of Java SE, Oracle GraalVM Enterpris |
|            |                         |                        |                       | e Edition accessible data. Note: This vulnerability applies to Java de |
|            |                         |                        |                       | ployments, typically in clients running sandboxed Java Web Start appli |
|            |                         |                        |                       | cations or sandboxed Java applets, that load and run untrusted code (e |
|            |                         |                        |                       | .g., code that comes from the internet) and rely on the Java sandbox f |
|            |                         |                        |                       | or security. This vulnerability does not apply to Java deployments, ty |
|            |                         |                        |                       | pically in servers, that load and run only trusted code (e.g., code in |
|            |                         |                        |                       | stalled by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality |
|            |                         |                        |                       |  impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N) |
|            |                         |                        |                       |                                   .                                    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-2369   | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc |
|            |                         |                        |                       | t of Oracle Java SE (component: Library). Supported versions that are  |
|            |                         |                        |                       | affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM En |
|            |                         |                        |                       | terprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability  |
|            |                         |                        |                       | allows unauthenticated attacker with network access via multiple proto |
|            |                         |                        |                       | cols to compromise Java SE, Oracle GraalVM Enterprise Edition. Success |
|            |                         |                        |                       | ful attacks require human interaction from a person other than the att |
|            |                         |                        |                       | acker. Successful attacks of this vulnerability can result in unauthor |
|            |                         |                        |                       | ized update, insert or delete access to some of Java SE, Oracle GraalV |
|            |                         |                        |                       | M Enterprise Edition accessible data. Note: This vulnerability applies |
|            |                         |                        |                       |  to Java deployments, typically in clients running sandboxed Java Web  |
|            |                         |                        |                       | Start applications or sandboxed Java applets, that load and run untrus |
|            |                         |                        |                       | ted code (e.g., code that comes from the internet) and rely on the Jav |
|            |                         |                        |                       | a sandbox for security. This vulnerability does not apply to Java depl |
|            |                         |                        |                       | oyments, typically in servers, that load and run only trusted code (e. |
|            |                         |                        |                       | g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Inte |
|            |                         |                        |                       | grity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L |
|            |                         |                        |                       |                                 /A:N).                                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-2388   | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc |
|            |                         |                        |                       | t of Oracle Java SE (component: Hotspot). Supported versions that are  |
|            |                         |                        |                       | affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterpris |
|            |                         |                        |                       | e Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allow |
|            |                         |                        |                       | s unauthenticated attacker with network access via multiple protocols  |
|            |                         |                        |                       | to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful a |
|            |                         |                        |                       | ttacks require human interaction from a person other than the attacker |
|            |                         |                        |                       | . Successful attacks of this vulnerability can result in takeover of J |
|            |                         |                        |                       | ava SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability ap |
|            |                         |                        |                       | plies to Java deployments, typically in clients running sandboxed Java |
|            |                         |                        |                       |  Web Start applications or sandboxed Java applets, that load and run u |
|            |                         |                        |                       | ntrusted code (e.g., code that comes from the internet) and rely on th |
|            |                         |                        |                       | e Java sandbox for security. This vulnerability does not apply to Java |
|            |                         |                        |                       |  deployments, typically in servers, that load and run only trusted cod |
|            |                         |                        |                       | e (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5  |
|            |                         |                        |                       | (Confidentiality, Integrity and Availability impacts). CVSS Vector: (C |
|            |                         |                        |                       |             VSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-35550  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc |
|            |                         |                        |                       | t of Oracle Java SE (component: JSSE). Supported versions that are aff |
|            |                         |                        |                       | ected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Ed |
|            |                         |                        |                       | ition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows un |
|            |                         |                        |                       | authenticated attacker with network access via TLS to compromise Java  |
|            |                         |                        |                       | SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vuln |
|            |                         |                        |                       | erability can result in unauthorized access to critical data or comple |
|            |                         |                        |                       | te access to all Java SE, Oracle GraalVM Enterprise Edition accessible |
|            |                         |                        |                       |  data. Note: This vulnerability applies to Java deployments, typically |
|            |                         |                        |                       |  in clients running sandboxed Java Web Start applications or sandboxed |
|            |                         |                        |                       |  Java applets, that load and run untrusted code (e.g., code that comes |
|            |                         |                        |                       |  from the internet) and rely on the Java sandbox for security. This vu |
|            |                         |                        |                       | lnerability can also be exploited by using APIs in the specified Compo |
|            |                         |                        |                       | nent, e.g., through a web service which supplies data to the APIs. CVS |
|            |                         |                        |                       | S 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1 |
|            |                         |                        |                       |                 /AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-35556  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc |
|            |                         |                        |                       | t of Oracle Java SE (component: Swing). Supported versions that are af |
|            |                         |                        |                       | fected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterpri |
|            |                         |                        |                       | se Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows |
|            |                         |                        |                       |  unauthenticated attacker with network access via multiple protocols t |
|            |                         |                        |                       | o compromise Java SE, Oracle GraalVM Enterprise Edition. Successful at |
|            |                         |                        |                       | tacks of this vulnerability can result in unauthorized ability to caus |
|            |                         |                        |                       | e a partial denial of service (partial DOS) of Java SE, Oracle GraalVM |
|            |                         |                        |                       |  Enterprise Edition. Note: This vulnerability applies to Java deployme |
|            |                         |                        |                       | nts, typically in clients running sandboxed Java Web Start application |
|            |                         |                        |                       | s or sandboxed Java applets, that load and run untrusted code (e.g., c |
|            |                         |                        |                       | ode that comes from the internet) and rely on the Java sandbox for sec |
|            |                         |                        |                       | urity. This vulnerability does not apply to Java deployments, typicall |
|            |                         |                        |                       | y in servers, that load and run only trusted code (e.g., code installe |
|            |                         |                        |                       | d by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts) |
|            |                         |                        |                       |     . CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-35559  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc |
|            |                         |                        |                       | t of Oracle Java SE (component: Swing). Supported versions that are af |
|            |                         |                        |                       | fected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterpri |
|            |                         |                        |                       | se Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows |
|            |                         |                        |                       |  unauthenticated attacker with network access via multiple protocols t |
|            |                         |                        |                       | o compromise Java SE, Oracle GraalVM Enterprise Edition. Successful at |
|            |                         |                        |                       | tacks of this vulnerability can result in unauthorized ability to caus |
|            |                         |                        |                       | e a partial denial of service (partial DOS) of Java SE, Oracle GraalVM |
|            |                         |                        |                       |  Enterprise Edition. Note: This vulnerability applies to Java deployme |
|            |                         |                        |                       | nts, typically in clients running sandboxed Java Web Start application |
|            |                         |                        |                       | s or sandboxed Java applets, that load and run untrusted code (e.g., c |
|            |                         |                        |                       | ode that comes from the internet) and rely on the Java sandbox for sec |
|            |                         |                        |                       | urity. This vulnerability can also be exploited by using APIs in the s |
|            |                         |                        |                       | pecified Component, e.g., through a web service which supplies data to |
|            |                         |                        |                       |  the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector |
|            |                         |                        |                       |           : (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).            |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-35561  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc |
|            |                         |                        |                       | t of Oracle Java SE (component: Utility). Supported versions that are  |
|            |                         |                        |                       | affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterp |
|            |                         |                        |                       | rise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allo |
|            |                         |                        |                       | ws unauthenticated attacker with network access via multiple protocols |
|            |                         |                        |                       |  to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful  |
|            |                         |                        |                       | attacks of this vulnerability can result in unauthorized ability to ca |
|            |                         |                        |                       | use a partial denial of service (partial DOS) of Java SE, Oracle Graal |
|            |                         |                        |                       | VM Enterprise Edition. Note: This vulnerability applies to Java deploy |
|            |                         |                        |                       | ments, typically in clients running sandboxed Java Web Start applicati |
|            |                         |                        |                       | ons or sandboxed Java applets, that load and run untrusted code (e.g., |
|            |                         |                        |                       |  code that comes from the internet) and rely on the Java sandbox for s |
|            |                         |                        |                       | ecurity. This vulnerability can also be exploited by using APIs in the |
|            |                         |                        |                       |  specified Component, e.g., through a web service which supplies data  |
|            |                         |                        |                       | to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vect |
|            |                         |                        |                       |          or: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).           |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-35564  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc |
|            |                         |                        |                       | t of Oracle Java SE (component: Keytool). Supported versions that are  |
|            |                         |                        |                       | affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterp |
|            |                         |                        |                       | rise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allo |
|            |                         |                        |                       | ws unauthenticated attacker with network access via multiple protocols |
|            |                         |                        |                       |  to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful  |
|            |                         |                        |                       | attacks of this vulnerability can result in unauthorized update, inser |
|            |                         |                        |                       | t or delete access to some of Java SE, Oracle GraalVM Enterprise Editi |
|            |                         |                        |                       | on accessible data. Note: This vulnerability applies to Java deploymen |
|            |                         |                        |                       | ts, typically in clients running sandboxed Java Web Start applications |
|            |                         |                        |                       |  or sandboxed Java applets, that load and run untrusted code (e.g., co |
|            |                         |                        |                       | de that comes from the internet) and rely on the Java sandbox for secu |
|            |                         |                        |                       | rity. This vulnerability can also be exploited by using APIs in the sp |
|            |                         |                        |                       | ecified Component, e.g., through a web service which supplies data to  |
|            |                         |                        |                       | the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (C |
|            |                         |                        |                       |             VSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-35565  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc |
|            |                         |                        |                       | t of Oracle Java SE (component: JSSE). Supported versions that are aff |
|            |                         |                        |                       | ected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Ed |
|            |                         |                        |                       | ition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unau |
|            |                         |                        |                       | thenticated attacker with network access via TLS to compromise Java SE |
|            |                         |                        |                       | , Oracle GraalVM Enterprise Edition. Successful attacks of this vulner |
|            |                         |                        |                       | ability can result in unauthorized ability to cause a partial denial o |
|            |                         |                        |                       | f service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. |
|            |                         |                        |                       |  Note: This vulnerability can only be exploited by supplying data to A |
|            |                         |                        |                       | PIs in the specified Component without using Untrusted Java Web Start  |
|            |                         |                        |                       | applications or Untrusted Java applets, such as through a web service. |
|            |                         |                        |                       |  CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3. |
|            |                         |                        |                       |                1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-35567  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc |
|            |                         |                        |                       | t of Oracle Java SE (component: Libraries). Supported versions that ar |
|            |                         |                        |                       | e affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise  |
|            |                         |                        |                       | Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows lo |
|            |                         |                        |                       | w privileged attacker with network access via Kerberos to compromise J |
|            |                         |                        |                       | ava SE, Oracle GraalVM Enterprise Edition. Successful attacks require  |
|            |                         |                        |                       | human interaction from a person other than the attacker and while the  |
|            |                         |                        |                       | vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attack |
|            |                         |                        |                       | s may significantly impact additional products. Successful attacks of  |
|            |                         |                        |                       | this vulnerability can result in unauthorized access to critical data  |
|            |                         |                        |                       | or complete access to all Java SE, Oracle GraalVM Enterprise Edition a |
|            |                         |                        |                       | ccessible data. Note: This vulnerability applies to Java deployments,  |
|            |                         |                        |                       | typically in clients running sandboxed Java Web Start applications or  |
|            |                         |                        |                       | sandboxed Java applets, that load and run untrusted code (e.g., code t |
|            |                         |                        |                       | hat comes from the internet) and rely on the Java sandbox for security |
|            |                         |                        |                       | . This vulnerability can also be exploited by using APIs in the specif |
|            |                         |                        |                       | ied Component, e.g., through a web service which supplies data to the  |
|            |                         |                        |                       | APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector:  |
|            |                         |                        |                       |            (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-35578  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc |
|            |                         |                        |                       | t of Oracle Java SE (component: JSSE). Supported versions that are aff |
|            |                         |                        |                       | ected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Editi |
|            |                         |                        |                       | on: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthe |
|            |                         |                        |                       | nticated attacker with network access via TLS to compromise Java SE, O |
|            |                         |                        |                       | racle GraalVM Enterprise Edition. Successful attacks of this vulnerabi |
|            |                         |                        |                       | lity can result in unauthorized ability to cause a partial denial of s |
|            |                         |                        |                       | ervice (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. No |
|            |                         |                        |                       | te: This vulnerability can only be exploited by supplying data to APIs |
|            |                         |                        |                       |  in the specified Component without using Untrusted Java Web Start app |
|            |                         |                        |                       | lications or Untrusted Java applets, such as through a web service. CV |
|            |                         |                        |                       | SS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/A |
|            |                         |                        |                       |                  V:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).                  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-35586  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc |
|            |                         |                        |                       | t of Oracle Java SE (component: ImageIO). Supported versions that are  |
|            |                         |                        |                       | affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterp |
|            |                         |                        |                       | rise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allo |
|            |                         |                        |                       | ws unauthenticated attacker with network access via multiple protocols |
|            |                         |                        |                       |  to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful  |
|            |                         |                        |                       | attacks of this vulnerability can result in unauthorized ability to ca |
|            |                         |                        |                       | use a partial denial of service (partial DOS) of Java SE, Oracle Graal |
|            |                         |                        |                       | VM Enterprise Edition. Note: This vulnerability applies to Java deploy |
|            |                         |                        |                       | ments, typically in clients running sandboxed Java Web Start applicati |
|            |                         |                        |                       | ons or sandboxed Java applets, that load and run untrusted code (e.g., |
|            |                         |                        |                       |  code that comes from the internet) and rely on the Java sandbox for s |
|            |                         |                        |                       | ecurity. This vulnerability can also be exploited by using APIs in the |
|            |                         |                        |                       |  specified Component, e.g., through a web service which supplies data  |
|            |                         |                        |                       | to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vect |
|            |                         |                        |                       |          or: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).           |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2022-21248  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition |
|            |                         |                        |                       |  product of Oracle Java SE (component: Serialization). Supported versi |
|            |                         |                        |                       | ons that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0. |
|            |                         |                        |                       | 1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to  |
|            |                         |                        |                       | exploit vulnerability allows unauthenticated attacker with network acc |
|            |                         |                        |                       | ess via multiple protocols to compromise Oracle Java SE, Oracle GraalV |
|            |                         |                        |                       | M Enterprise Edition. Successful attacks of this vulnerability can res |
|            |                         |                        |                       | ult in unauthorized update, insert or delete access to some of Oracle  |
|            |                         |                        |                       | Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This |
|            |                         |                        |                       |  vulnerability applies to Java deployments, typically in clients runni |
|            |                         |                        |                       | ng sandboxed Java Web Start applications or sandboxed Java applets, th |
|            |                         |                        |                       | at load and run untrusted code (e.g., code that comes from the interne |
|            |                         |                        |                       | t) and rely on the Java sandbox for security. This vulnerability can a |
|            |                         |                        |                       | lso be exploited by using APIs in the specified Component, e.g., throu |
|            |                         |                        |                       | gh a web service which supplies data to the APIs. CVSS 3.1 Base Score  |
|            |                         |                        |                       | 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S: |
|            |                         |                        |                       |                            U/C:N/I:L/A:N).                             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2022-21282  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition |
|            |                         |                        |                       |  product of Oracle Java SE (component: JAXP). Supported versions that  |
|            |                         |                        |                       | are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle |
|            |                         |                        |                       |  GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vul |
|            |                         |                        |                       | nerability allows unauthenticated attacker with network access via mul |
|            |                         |                        |                       | tiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterpris |
|            |                         |                        |                       | e Edition. Successful attacks of this vulnerability can result in unau |
|            |                         |                        |                       | thorized read access to a subset of Oracle Java SE, Oracle GraalVM Ent |
|            |                         |                        |                       | erprise Edition accessible data. Note: This vulnerability applies to J |
|            |                         |                        |                       | ava deployments, typically in clients running sandboxed Java Web Start |
|            |                         |                        |                       |  applications or sandboxed Java applets, that load and run untrusted c |
|            |                         |                        |                       | ode (e.g., code that comes from the internet) and rely on the Java san |
|            |                         |                        |                       | dbox for security. This vulnerability can also be exploited by using A |
|            |                         |                        |                       | PIs in the specified Component, e.g., through a web service which supp |
|            |                         |                        |                       | lies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impact |
|            |                         |                        |                       |    s). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2022-21283  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition |
|            |                         |                        |                       |  product of Oracle Java SE (component: Libraries). Supported versions  |
|            |                         |                        |                       | that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM  |
|            |                         |                        |                       | Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerabilit |
|            |                         |                        |                       | y allows unauthenticated attacker with network access via multiple pro |
|            |                         |                        |                       | tocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition |
|            |                         |                        |                       | . Successful attacks of this vulnerability can result in unauthorized  |
|            |                         |                        |                       | ability to cause a partial denial of service (partial DOS) of Oracle J |
|            |                         |                        |                       | ava SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability ap |
|            |                         |                        |                       | plies to Java deployments, typically in clients running sandboxed Java |
|            |                         |                        |                       |  Web Start applications or sandboxed Java applets, that load and run u |
|            |                         |                        |                       | ntrusted code (e.g., code that comes from the internet) and rely on th |
|            |                         |                        |                       | e Java sandbox for security. This vulnerability can also be exploited  |
|            |                         |                        |                       | by using APIs in the specified Component, e.g., through a web service  |
|            |                         |                        |                       | which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability |
|            |                         |                        |                       |  impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) |
|            |                         |                        |                       |                                   .                                    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2022-21293  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition |
|            |                         |                        |                       |  product of Oracle Java SE (component: Libraries). Supported versions  |
|            |                         |                        |                       | that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; O |
|            |                         |                        |                       | racle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitabl |
|            |                         |                        |                       | e vulnerability allows unauthenticated attacker with network access vi |
|            |                         |                        |                       | a multiple protocols to compromise Oracle Java SE, Oracle GraalVM Ente |
|            |                         |                        |                       | rprise Edition. Successful attacks of this vulnerability can result in |
|            |                         |                        |                       |  unauthorized ability to cause a partial denial of service (partial DO |
|            |                         |                        |                       | S) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vu |
|            |                         |                        |                       | lnerability applies to Java deployments, typically in clients running  |
|            |                         |                        |                       | sandboxed Java Web Start applications or sandboxed Java applets, that  |
|            |                         |                        |                       | load and run untrusted code (e.g., code that comes from the internet)  |
|            |                         |                        |                       | and rely on the Java sandbox for security. This vulnerability can also |
|            |                         |                        |                       |  be exploited by using APIs in the specified Component, e.g., through  |
|            |                         |                        |                       | a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 |
|            |                         |                        |                       |  (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S: |
|            |                         |                        |                       |                            U/C:N/I:N/A:L).                             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2022-21294  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition |
|            |                         |                        |                       |  product of Oracle Java SE (component: Libraries). Supported versions  |
|            |                         |                        |                       | that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; O |
|            |                         |                        |                       | racle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitabl |
|            |                         |                        |                       | e vulnerability allows unauthenticated attacker with network access vi |
|            |                         |                        |                       | a multiple protocols to compromise Oracle Java SE, Oracle GraalVM Ente |
|            |                         |                        |                       | rprise Edition. Successful attacks of this vulnerability can result in |
|            |                         |                        |                       |  unauthorized ability to cause a partial denial of service (partial DO |
|            |                         |                        |                       | S) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vu |
|            |                         |                        |                       | lnerability applies to Java deployments, typically in clients running  |
|            |                         |                        |                       | sandboxed Java Web Start applications or sandboxed Java applets, that  |
|            |                         |                        |                       | load and run untrusted code (e.g., code that comes from the internet)  |
|            |                         |                        |                       | and rely on the Java sandbox for security. This vulnerability can also |
|            |                         |                        |                       |  be exploited by using APIs in the specified Component, e.g., through  |
|            |                         |                        |                       | a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 |
|            |                         |                        |                       |  (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S: |
|            |                         |                        |                       |                            U/C:N/I:N/A:L).                             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2022-21296  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition |
|            |                         |                        |                       |  product of Oracle Java SE (component: JAXP). Supported versions that  |
|            |                         |                        |                       | are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle |
|            |                         |                        |                       |  GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vul |
|            |                         |                        |                       | nerability allows unauthenticated attacker with network access via mul |
|            |                         |                        |                       | tiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterpris |
|            |                         |                        |                       | e Edition. Successful attacks of this vulnerability can result in unau |
|            |                         |                        |                       | thorized read access to a subset of Oracle Java SE, Oracle GraalVM Ent |
|            |                         |                        |                       | erprise Edition accessible data. Note: This vulnerability applies to J |
|            |                         |                        |                       | ava deployments, typically in clients running sandboxed Java Web Start |
|            |                         |                        |                       |  applications or sandboxed Java applets, that load and run untrusted c |
|            |                         |                        |                       | ode (e.g., code that comes from the internet) and rely on the Java san |
|            |                         |                        |                       | dbox for security. This vulnerability can also be exploited by using A |
|            |                         |                        |                       | PIs in the specified Component, e.g., through a web service which supp |
|            |                         |                        |                       | lies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impact |
|            |                         |                        |                       |    s). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2022-21299  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition |
|            |                         |                        |                       |  product of Oracle Java SE (component: JAXP). Supported versions that  |
|            |                         |                        |                       | are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle |
|            |                         |                        |                       |  GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vul |
|            |                         |                        |                       | nerability allows unauthenticated attacker with network access via mul |
|            |                         |                        |                       | tiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterpris |
|            |                         |                        |                       | e Edition. Successful attacks of this vulnerability can result in unau |
|            |                         |                        |                       | thorized ability to cause a partial denial of service (partial DOS) of |
|            |                         |                        |                       |  Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnera |
|            |                         |                        |                       | bility applies to Java deployments, typically in clients running sandb |
|            |                         |                        |                       | oxed Java Web Start applications or sandboxed Java applets, that load  |
|            |                         |                        |                       | and run untrusted code (e.g., code that comes from the internet) and r |
|            |                         |                        |                       | ely on the Java sandbox for security. This vulnerability can also be e |
|            |                         |                        |                       | xploited by using APIs in the specified Component, e.g., through a web |
|            |                         |                        |                       |  service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Ava |
|            |                         |                        |                       | ilability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N |
|            |                         |                        |                       |                               /I:N/A:L).                               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2022-21305  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition |
|            |                         |                        |                       |  product of Oracle Java SE (component: Hotspot). Supported versions th |
|            |                         |                        |                       | at are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Ora |
|            |                         |                        |                       | cle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable  |
|            |                         |                        |                       | vulnerability allows unauthenticated attacker with network access via  |
|            |                         |                        |                       | multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterp |
|            |                         |                        |                       | rise Edition. Successful attacks of this vulnerability can result in u |
|            |                         |                        |                       | nauthorized update, insert or delete access to some of Oracle Java SE, |
|            |                         |                        |                       |  Oracle GraalVM Enterprise Edition accessible data. Note: This vulnera |
|            |                         |                        |                       | bility applies to Java deployments, typically in clients running sandb |
|            |                         |                        |                       | oxed Java Web Start applications or sandboxed Java applets, that load  |
|            |                         |                        |                       | and run untrusted code (e.g., code that comes from the internet) and r |
|            |                         |                        |                       | ely on the Java sandbox for security. This vulnerability can also be e |
|            |                         |                        |                       | xploited by using APIs in the specified Component, e.g., through a web |
|            |                         |                        |                       |  service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Int |
|            |                         |                        |                       | egrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I: |
|            |                         |                        |                       |                                L/A:N).                                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2022-21340  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition |
|            |                         |                        |                       |  product of Oracle Java SE (component: Libraries). Supported versions  |
|            |                         |                        |                       | that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; O |
|            |                         |                        |                       | racle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitabl |
|            |                         |                        |                       | e vulnerability allows unauthenticated attacker with network access vi |
|            |                         |                        |                       | a multiple protocols to compromise Oracle Java SE, Oracle GraalVM Ente |
|            |                         |                        |                       | rprise Edition. Successful attacks of this vulnerability can result in |
|            |                         |                        |                       |  unauthorized ability to cause a partial denial of service (partial DO |
|            |                         |                        |                       | S) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vu |
|            |                         |                        |                       | lnerability applies to Java deployments, typically in clients running  |
|            |                         |                        |                       | sandboxed Java Web Start applications or sandboxed Java applets, that  |
|            |                         |                        |                       | load and run untrusted code (e.g., code that comes from the internet)  |
|            |                         |                        |                       | and rely on the Java sandbox for security. This vulnerability can also |
|            |                         |                        |                       |  be exploited by using APIs in the specified Component, e.g., through  |
|            |                         |                        |                       | a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 |
|            |                         |                        |                       |  (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S: |
|            |                         |                        |                       |                            U/C:N/I:N/A:L).                             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2022-21341  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition |
|            |                         |                        |                       |  product of Oracle Java SE (component: Serialization). Supported versi |
|            |                         |                        |                       | ons that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0. |
|            |                         |                        |                       | 1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploi |
|            |                         |                        |                       | table vulnerability allows unauthenticated attacker with network acces |
|            |                         |                        |                       | s via multiple protocols to compromise Oracle Java SE, Oracle GraalVM  |
|            |                         |                        |                       | Enterprise Edition. Successful attacks of this vulnerability can resul |
|            |                         |                        |                       | t in unauthorized ability to cause a partial denial of service (partia |
|            |                         |                        |                       | l DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: Thi |
|            |                         |                        |                       | s vulnerability applies to Java deployments, typically in clients runn |
|            |                         |                        |                       | ing sandboxed Java Web Start applications or sandboxed Java applets, t |
|            |                         |                        |                       | hat load and run untrusted code (e.g., code that comes from the intern |
|            |                         |                        |                       | et) and rely on the Java sandbox for security. This vulnerability can  |
|            |                         |                        |                       | also be exploited by using APIs in the specified Component, e.g., thro |
|            |                         |                        |                       | ugh a web service which supplies data to the APIs. CVSS 3.1 Base Score |
|            |                         |                        |                       |  5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI: |
|            |                         |                        |                       |                          N/S:U/C:N/I:N/A:L).                           |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2022-21349  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition |
|            |                         |                        |                       |  product of Oracle Java SE (component: 2D). Supported versions that ar |
|            |                         |                        |                       | e affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise |
|            |                         |                        |                       |  Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows u |
|            |                         |                        |                       | nauthenticated attacker with network access via multiple protocols to  |
|            |                         |                        |                       | compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successf |
|            |                         |                        |                       | ul attacks of this vulnerability can result in unauthorized ability to |
|            |                         |                        |                       |  cause a partial denial of service (partial DOS) of Oracle Java SE, Or |
|            |                         |                        |                       | acle GraalVM Enterprise Edition. Note: This vulnerability applies to J |
|            |                         |                        |                       | ava deployments, typically in clients running sandboxed Java Web Start |
|            |                         |                        |                       |  applications or sandboxed Java applets, that load and run untrusted c |
|            |                         |                        |                       | ode (e.g., code that comes from the internet) and rely on the Java san |
|            |                         |                        |                       | dbox for security. This vulnerability can also be exploited by using A |
|            |                         |                        |                       | PIs in the specified Component, e.g., through a web service which supp |
|            |                         |                        |                       | lies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). |
|            |                         |                        |                       |      CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2022-21360  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition |
|            |                         |                        |                       |  product of Oracle Java SE (component: ImageIO). Supported versions th |
|            |                         |                        |                       | at are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Ora |
|            |                         |                        |                       | cle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable  |
|            |                         |                        |                       | vulnerability allows unauthenticated attacker with network access via  |
|            |                         |                        |                       | multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterp |
|            |                         |                        |                       | rise Edition. Successful attacks of this vulnerability can result in u |
|            |                         |                        |                       | nauthorized ability to cause a partial denial of service (partial DOS) |
|            |                         |                        |                       |  of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vuln |
|            |                         |                        |                       | erability applies to Java deployments, typically in clients running sa |
|            |                         |                        |                       | ndboxed Java Web Start applications or sandboxed Java applets, that lo |
|            |                         |                        |                       | ad and run untrusted code (e.g., code that comes from the internet) an |
|            |                         |                        |                       | d rely on the Java sandbox for security. This vulnerability can also b |
|            |                         |                        |                       | e exploited by using APIs in the specified Component, e.g., through a  |
|            |                         |                        |                       | web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 ( |
|            |                         |                        |                       | Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/ |
|            |                         |                        |                       |                             C:N/I:N/A:L).                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2022-21365  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition |
|            |                         |                        |                       |  product of Oracle Java SE (component: ImageIO). Supported versions th |
|            |                         |                        |                       | at are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Ora |
|            |                         |                        |                       | cle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable  |
|            |                         |                        |                       | vulnerability allows unauthenticated attacker with network access via  |
|            |                         |                        |                       | multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterp |
|            |                         |                        |                       | rise Edition. Successful attacks of this vulnerability can result in u |
|            |                         |                        |                       | nauthorized ability to cause a partial denial of service (partial DOS) |
|            |                         |                        |                       |  of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vuln |
|            |                         |                        |                       | erability applies to Java deployments, typically in clients running sa |
|            |                         |                        |                       | ndboxed Java Web Start applications or sandboxed Java applets, that lo |
|            |                         |                        |                       | ad and run untrusted code (e.g., code that comes from the internet) an |
|            |                         |                        |                       | d rely on the Java sandbox for security. This vulnerability can also b |
|            |                         |                        |                       | e exploited by using APIs in the specified Component, e.g., through a  |
|            |                         |                        |                       | web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 ( |
|            |                         |                        |                       | Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/ |
|            |                         |                        |                       |                             C:N/I:N/A:L).                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2022-21426  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition |
|            |                         |                        |                       |  product of Oracle Java SE (component: JAXP). Supported versions that  |
|            |                         |                        |                       | are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Or |
|            |                         |                        |                       | acle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily e |
|            |                         |                        |                       | xploitable vulnerability allows unauthenticated attacker with network  |
|            |                         |                        |                       | access via multiple protocols to compromise Oracle Java SE, Oracle Gra |
|            |                         |                        |                       | alVM Enterprise Edition. Successful attacks of this vulnerability can  |
|            |                         |                        |                       | result in unauthorized ability to cause a partial denial of service (p |
|            |                         |                        |                       | artial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note |
|            |                         |                        |                       | : This vulnerability applies to Java deployments, typically in clients |
|            |                         |                        |                       |  running sandboxed Java Web Start applications or sandboxed Java apple |
|            |                         |                        |                       | ts, that load and run untrusted code (e.g., code that comes from the i |
|            |                         |                        |                       | nternet) and rely on the Java sandbox for security. This vulnerability |
|            |                         |                        |                       |  can also be exploited by using APIs in the specified Component, e.g., |
|            |                         |                        |                       |  through a web service which supplies data to the APIs. CVSS 3.1 Base  |
|            |                         |                        |                       | Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR: |
|            |                         |                        |                       |                        N/UI:N/S:U/C:N/I:N/A:L).                        |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2022-21434  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition |
|            |                         |                        |                       |  product of Oracle Java SE (component: Libraries). Supported versions  |
|            |                         |                        |                       | that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 1 |
|            |                         |                        |                       | 8; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Eas |
|            |                         |                        |                       | ily exploitable vulnerability allows unauthenticated attacker with net |
|            |                         |                        |                       | work access via multiple protocols to compromise Oracle Java SE, Oracl |
|            |                         |                        |                       | e GraalVM Enterprise Edition. Successful attacks of this vulnerability |
|            |                         |                        |                       |  can result in unauthorized update, insert or delete access to some of |
|            |                         |                        |                       |  Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. No |
|            |                         |                        |                       | te: This vulnerability applies to Java deployments, typically in clien |
|            |                         |                        |                       | ts running sandboxed Java Web Start applications or sandboxed Java app |
|            |                         |                        |                       | lets, that load and run untrusted code (e.g., code that comes from the |
|            |                         |                        |                       |  internet) and rely on the Java sandbox for security. This vulnerabili |
|            |                         |                        |                       | ty can also be exploited by using APIs in the specified Component, e.g |
|            |                         |                        |                       | ., through a web service which supplies data to the APIs. CVSS 3.1 Bas |
|            |                         |                        |                       | e Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N |
|            |                         |                        |                       |                        /UI:N/S:U/C:N/I:L/A:N).                         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2022-21443  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition |
|            |                         |                        |                       |  product of Oracle Java SE (component: Libraries). Supported versions  |
|            |                         |                        |                       | that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 1 |
|            |                         |                        |                       | 8; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Dif |
|            |                         |                        |                       | ficult to exploit vulnerability allows unauthenticated attacker with n |
|            |                         |                        |                       | etwork access via multiple protocols to compromise Oracle Java SE, Ora |
|            |                         |                        |                       | cle GraalVM Enterprise Edition. Successful attacks of this vulnerabili |
|            |                         |                        |                       | ty can result in unauthorized ability to cause a partial denial of ser |
|            |                         |                        |                       | vice (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Editio |
|            |                         |                        |                       | n. Note: This vulnerability applies to Java deployments, typically in  |
|            |                         |                        |                       | clients running sandboxed Java Web Start applications or sandboxed Jav |
|            |                         |                        |                       | a applets, that load and run untrusted code (e.g., code that comes fro |
|            |                         |                        |                       | m the internet) and rely on the Java sandbox for security. This vulner |
|            |                         |                        |                       | ability can also be exploited by using APIs in the specified Component |
|            |                         |                        |                       | , e.g., through a web service which supplies data to the APIs. CVSS 3. |
|            |                         |                        |                       | 1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/A |
|            |                         |                        |                       |                    C:H/PR:N/UI:N/S:U/C:N/I:N/A:L).                     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2022-21476  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition |
|            |                         |                        |                       |  product of Oracle Java SE (component: Libraries). Supported versions  |
|            |                         |                        |                       | that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 1 |
|            |                         |                        |                       | 8; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Eas |
|            |                         |                        |                       | ily exploitable vulnerability allows unauthenticated attacker with net |
|            |                         |                        |                       | work access via multiple protocols to compromise Oracle Java SE, Oracl |
|            |                         |                        |                       | e GraalVM Enterprise Edition. Successful attacks of this vulnerability |
|            |                         |                        |                       |  can result in unauthorized access to critical data or complete access |
|            |                         |                        |                       |  to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible d |
|            |                         |                        |                       | ata. Note: This vulnerability applies to Java deployments, typically i |
|            |                         |                        |                       | n clients running sandboxed Java Web Start applications or sandboxed J |
|            |                         |                        |                       | ava applets, that load and run untrusted code (e.g., code that comes f |
|            |                         |                        |                       | rom the internet) and rely on the Java sandbox for security. This vuln |
|            |                         |                        |                       | erability can also be exploited by using APIs in the specified Compone |
|            |                         |                        |                       | nt, e.g., through a web service which supplies data to the APIs. CVSS  |
|            |                         |                        |                       | 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/A |
|            |                         |                        |                       |                  V:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).                  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2022-21496  | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition |
|            |                         |                        |                       |  product of Oracle Java SE (component: JNDI). Supported versions that  |
|            |                         |                        |                       | are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Or |
|            |                         |                        |                       | acle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily e |
|            |                         |                        |                       | xploitable vulnerability allows unauthenticated attacker with network  |
|            |                         |                        |                       | access via multiple protocols to compromise Oracle Java SE, Oracle Gra |
|            |                         |                        |                       | alVM Enterprise Edition. Successful attacks of this vulnerability can  |
|            |                         |                        |                       | result in unauthorized update, insert or delete access to some of Orac |
|            |                         |                        |                       | le Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: T |
|            |                         |                        |                       | his vulnerability applies to Java deployments, typically in clients ru |
|            |                         |                        |                       | nning sandboxed Java Web Start applications or sandboxed Java applets, |
|            |                         |                        |                       |  that load and run untrusted code (e.g., code that comes from the inte |
|            |                         |                        |                       | rnet) and rely on the Java sandbox for security. This vulnerability ca |
|            |                         |                        |                       | n also be exploited by using APIs in the specified Component, e.g., th |
|            |                         |                        |                       | rough a web service which supplies data to the APIs. CVSS 3.1 Base Sco |
|            |                         |                        |                       | re 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N |
|            |                         |                        |                       |                           /S:U/C:N/I:L/A:N).                           |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2018-2952    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded, JRockit component of O |
|            |                         |                        |                       | racle Java SE (subcomponent: Concurrency). Supported versions that are |
|            |                         |                        |                       |  affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedde |
|            |                         |                        |                       | d: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows |
|            |                         |                        |                       |  unauthenticated attacker with network access via multiple protocols t |
|            |                         |                        |                       | o compromise Java SE, Java SE Embedded, JRockit. Successful attacks of |
|            |                         |                        |                       |  this vulnerability can result in unauthorized ability to cause a part |
|            |                         |                        |                       | ial denial of service (partial DOS) of Java SE, Java SE Embedded, JRoc |
|            |                         |                        |                       | kit. Note: Applies to client and server deployment of Java. This vulne |
|            |                         |                        |                       | rability can be exploited through sandboxed Java Web Start application |
|            |                         |                        |                       | s and sandboxed Java applets. It can also be exploited by supplying da |
|            |                         |                        |                       | ta to APIs in the specified Component without using sandboxed Java Web |
|            |                         |                        |                       |  Start applications or sandboxed Java applets, such as through a web s |
|            |                         |                        |                       | ervice. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: ( |
|            |                         |                        |                       |             CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2018-3136    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav |
|            |                         |                        |                       | a SE (subcomponent: Security). Supported versions that are affected ar |
|            |                         |                        |                       | e Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Diffic |
|            |                         |                        |                       | ult to exploit vulnerability allows unauthenticated attacker with netw |
|            |                         |                        |                       | ork access via multiple protocols to compromise Java SE, Java SE Embed |
|            |                         |                        |                       | ded. Successful attacks require human interaction from a person other  |
|            |                         |                        |                       | than the attacker and while the vulnerability is in Java SE, Java SE E |
|            |                         |                        |                       | mbedded, attacks may significantly impact additional products. Success |
|            |                         |                        |                       | ful attacks of this vulnerability can result in unauthorized update, i |
|            |                         |                        |                       | nsert or delete access to some of Java SE, Java SE Embedded accessible |
|            |                         |                        |                       |  data. Note: This vulnerability applies to Java deployments, typically |
|            |                         |                        |                       |  in clients running sandboxed Java Web Start applications or sandboxed |
|            |                         |                        |                       |  Java applets (in Java SE 8), that load and run untrusted code (e.g. c |
|            |                         |                        |                       | ode that comes from the internet) and rely on the Java sandbox for sec |
|            |                         |                        |                       | urity. This vulnerability does not apply to Java deployments, typicall |
|            |                         |                        |                       | y in servers, that load and run only trusted code (e.g. code installed |
|            |                         |                        |                       |  by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CV |
|            |                         |                        |                       |       SS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N).       |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2018-3139    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav |
|            |                         |                        |                       | a SE (subcomponent: Networking). Supported versions that are affected  |
|            |                         |                        |                       | are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Diff |
|            |                         |                        |                       | icult to exploit vulnerability allows unauthenticated attacker with ne |
|            |                         |                        |                       | twork access via multiple protocols to compromise Java SE, Java SE Emb |
|            |                         |                        |                       | edded. Successful attacks require human interaction from a person othe |
|            |                         |                        |                       | r than the attacker. Successful attacks of this vulnerability can resu |
|            |                         |                        |                       | lt in unauthorized read access to a subset of Java SE, Java SE Embedde |
|            |                         |                        |                       | d accessible data. Note: This vulnerability applies to Java deployment |
|            |                         |                        |                       | s, typically in clients running sandboxed Java Web Start applications  |
|            |                         |                        |                       | or sandboxed Java applets (in Java SE 8), that load and run untrusted  |
|            |                         |                        |                       | code (e.g. code that comes from the internet) and rely on the Java san |
|            |                         |                        |                       | dbox for security. This vulnerability does not apply to Java deploymen |
|            |                         |                        |                       | ts, typically in servers, that load and run only trusted code (e.g. co |
|            |                         |                        |                       | de installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidenti |
|            |                         |                        |                       | ality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N |
|            |                         |                        |                       |                                 /A:N).                                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2019-2422    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE component of Oracle Java SE (subcomponent |
|            |                         |                        |                       | : Libraries). Supported versions that are affected are Java SE: 7u201, |
|            |                         |                        |                       |  8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulne |
|            |                         |                        |                       | rability allows unauthenticated attacker with network access via multi |
|            |                         |                        |                       | ple protocols to compromise Java SE. Successful attacks require human  |
|            |                         |                        |                       | interaction from a person other than the attacker. Successful attacks  |
|            |                         |                        |                       | of this vulnerability can result in unauthorized read access to a subs |
|            |                         |                        |                       | et of Java SE accessible data. Note: This vulnerability applies to Jav |
|            |                         |                        |                       | a deployments, typically in clients running sandboxed Java Web Start a |
|            |                         |                        |                       | pplications or sandboxed Java applets (in Java SE 8), that load and ru |
|            |                         |                        |                       | n untrusted code (e.g., code that comes from the internet) and rely on |
|            |                         |                        |                       |  the Java sandbox for security. This vulnerability does not apply to J |
|            |                         |                        |                       | ava deployments, typically in servers, that load and run only trusted  |
|            |                         |                        |                       | code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3 |
|            |                         |                        |                       | .1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI |
|            |                         |                        |                       |                          :R/S:U/C:L/I:N/A:N).                          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2019-2786    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav |
|            |                         |                        |                       | a SE (subcomponent: Security). Supported versions that are affected ar |
|            |                         |                        |                       | e Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficul |
|            |                         |                        |                       | t to exploit vulnerability allows unauthenticated attacker with networ |
|            |                         |                        |                       | k access via multiple protocols to compromise Java SE, Java SE Embedde |
|            |                         |                        |                       | d. Successful attacks require human interaction from a person other th |
|            |                         |                        |                       | an the attacker and while the vulnerability is in Java SE, Java SE Emb |
|            |                         |                        |                       | edded, attacks may significantly impact additional products. Successfu |
|            |                         |                        |                       | l attacks of this vulnerability can result in unauthorized read access |
|            |                         |                        |                       |  to a subset of Java SE, Java SE Embedded accessible data. Note: This  |
|            |                         |                        |                       | vulnerability applies to Java deployments, typically in clients runnin |
|            |                         |                        |                       | g sandboxed Java Web Start applications or sandboxed Java applets (in  |
|            |                         |                        |                       | Java SE 8), that load and run untrusted code (e.g., code that comes fr |
|            |                         |                        |                       | om the internet) and rely on the Java sandbox for security. This vulne |
|            |                         |                        |                       | rability can also be exploited by using APIs in the specified Componen |
|            |                         |                        |                       | t, e.g., through a web service which supplies data to the APIs. CVSS 3 |
|            |                         |                        |                       | .0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV |
|            |                         |                        |                       |                  :N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2019-2842    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE component of Oracle Java SE (subcomponent |
|            |                         |                        |                       | : JCE). The supported version that is affected is Java SE: 8u212. Diff |
|            |                         |                        |                       | icult to exploit vulnerability allows unauthenticated attacker with ne |
|            |                         |                        |                       | twork access via multiple protocols to compromise Java SE. Successful  |
|            |                         |                        |                       | attacks of this vulnerability can result in unauthorized ability to ca |
|            |                         |                        |                       | use a partial denial of service (partial DOS) of Java SE. Note: This v |
|            |                         |                        |                       | ulnerability applies to Java deployments, typically in clients running |
|            |                         |                        |                       |  sandboxed Java Web Start applications or sandboxed Java applets (in J |
|            |                         |                        |                       | ava SE 8), that load and run untrusted code (e.g., code that comes fro |
|            |                         |                        |                       | m the internet) and rely on the Java sandbox for security. This vulner |
|            |                         |                        |                       | ability can also be exploited by using APIs in the specified Component |
|            |                         |                        |                       | , e.g., through a web service which supplies data to the APIs. CVSS 3. |
|            |                         |                        |                       | 0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/A |
|            |                         |                        |                       |                    C:H/PR:N/UI:N/S:U/C:N/I:N/A:L).                     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2019-2894    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Security). Supported versions that are affected are Jav |
|            |                         |                        |                       | a SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult  |
|            |                         |                        |                       | to exploit vulnerability allows unauthenticated attacker with network  |
|            |                         |                        |                       | access via multiple protocols to compromise Java SE, Java SE Embedded. |
|            |                         |                        |                       |  Successful attacks of this vulnerability can result in unauthorized r |
|            |                         |                        |                       | ead access to a subset of Java SE, Java SE Embedded accessible data. N |
|            |                         |                        |                       | ote: This vulnerability applies to Java deployments, typically in clie |
|            |                         |                        |                       | nts running sandboxed Java Web Start applications or sandboxed Java ap |
|            |                         |                        |                       | plets (in Java SE 8), that load and run untrusted code (e.g., code tha |
|            |                         |                        |                       | t comes from the internet) and rely on the Java sandbox for security.  |
|            |                         |                        |                       | This vulnerability can also be exploited by using APIs in the specifie |
|            |                         |                        |                       | d Component, e.g., through a web service which supplies data to the AP |
|            |                         |                        |                       | Is. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (C |
|            |                         |                        |                       |             VSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2019-2945    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Networking). Supported versions that are affected are J |
|            |                         |                        |                       | ava SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficul |
|            |                         |                        |                       | t to exploit vulnerability allows unauthenticated attacker with networ |
|            |                         |                        |                       | k access via multiple protocols to compromise Java SE, Java SE Embedde |
|            |                         |                        |                       | d. Successful attacks require human interaction from a person other th |
|            |                         |                        |                       | an the attacker. Successful attacks of this vulnerability can result i |
|            |                         |                        |                       | n unauthorized ability to cause a partial denial of service (partial D |
|            |                         |                        |                       | OS) of Java SE, Java SE Embedded. Note: This vulnerability applies to  |
|            |                         |                        |                       | Java deployments, typically in clients running sandboxed Java Web Star |
|            |                         |                        |                       | t applications or sandboxed Java applets (in Java SE 8), that load and |
|            |                         |                        |                       |  run untrusted code (e.g., code that comes from the internet) and rely |
|            |                         |                        |                       |  on the Java sandbox for security. This vulnerability does not apply t |
|            |                         |                        |                       | o Java deployments, typically in servers, that load and run only trust |
|            |                         |                        |                       | ed code (e.g., code installed by an administrator). CVSS 3.0 Base Scor |
|            |                         |                        |                       | e 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI |
|            |                         |                        |                       |                          :R/S:U/C:N/I:N/A:L).                          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2019-2962    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: 2D). Supported versions that are affected are Java SE:  |
|            |                         |                        |                       | 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exp |
|            |                         |                        |                       | loit vulnerability allows unauthenticated attacker with network access |
|            |                         |                        |                       |  via multiple protocols to compromise Java SE, Java SE Embedded. Succe |
|            |                         |                        |                       | ssful attacks of this vulnerability can result in unauthorized ability |
|            |                         |                        |                       |  to cause a partial denial of service (partial DOS) of Java SE, Java S |
|            |                         |                        |                       | E Embedded. Note: This vulnerability applies to Java deployments, typi |
|            |                         |                        |                       | cally in clients running sandboxed Java Web Start applications or sand |
|            |                         |                        |                       | boxed Java applets (in Java SE 8), that load and run untrusted code (e |
|            |                         |                        |                       | .g., code that comes from the internet) and rely on the Java sandbox f |
|            |                         |                        |                       | or security. This vulnerability can also be exploited by using APIs in |
|            |                         |                        |                       |  the specified Component, e.g., through a web service which supplies d |
|            |                         |                        |                       | ata to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS  |
|            |                         |                        |                       |        Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2019-2964    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Concurrency). Supported versions that are affected are  |
|            |                         |                        |                       | Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficu |
|            |                         |                        |                       | lt to exploit vulnerability allows unauthenticated attacker with netwo |
|            |                         |                        |                       | rk access via multiple protocols to compromise Java SE, Java SE Embedd |
|            |                         |                        |                       | ed. Successful attacks of this vulnerability can result in unauthorize |
|            |                         |                        |                       | d ability to cause a partial denial of service (partial DOS) of Java S |
|            |                         |                        |                       | E, Java SE Embedded. Note: This vulnerability can only be exploited by |
|            |                         |                        |                       |  supplying data to APIs in the specified Component without using Untru |
|            |                         |                        |                       | sted Java Web Start applications or Untrusted Java applets, such as th |
|            |                         |                        |                       | rough a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). C |
|            |                         |                        |                       |      VSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).       |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2019-2973    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: JAXP). Supported versions that are affected are Java SE |
|            |                         |                        |                       | : 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to e |
|            |                         |                        |                       | xploit vulnerability allows unauthenticated attacker with network acce |
|            |                         |                        |                       | ss via multiple protocols to compromise Java SE, Java SE Embedded. Suc |
|            |                         |                        |                       | cessful attacks of this vulnerability can result in unauthorized abili |
|            |                         |                        |                       | ty to cause a partial denial of service (partial DOS) of Java SE, Java |
|            |                         |                        |                       |  SE Embedded. Note: This vulnerability applies to Java deployments, ty |
|            |                         |                        |                       | pically in clients running sandboxed Java Web Start applications or sa |
|            |                         |                        |                       | ndboxed Java applets (in Java SE 8), that load and run untrusted code  |
|            |                         |                        |                       | (e.g., code that comes from the internet) and rely on the Java sandbox |
|            |                         |                        |                       |  for security. This vulnerability can also be exploited by using APIs  |
|            |                         |                        |                       | in the specified Component, e.g., through a web service which supplies |
|            |                         |                        |                       |  data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVS |
|            |                         |                        |                       |       S Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).        |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2019-2978    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Networking). Supported versions that are affected are J |
|            |                         |                        |                       | ava SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficul |
|            |                         |                        |                       | t to exploit vulnerability allows unauthenticated attacker with networ |
|            |                         |                        |                       | k access via multiple protocols to compromise Java SE, Java SE Embedde |
|            |                         |                        |                       | d. Successful attacks of this vulnerability can result in unauthorized |
|            |                         |                        |                       |  ability to cause a partial denial of service (partial DOS) of Java SE |
|            |                         |                        |                       | , Java SE Embedded. Note: This vulnerability applies to Java deploymen |
|            |                         |                        |                       | ts, typically in clients running sandboxed Java Web Start applications |
|            |                         |                        |                       |  or sandboxed Java applets (in Java SE 8), that load and run untrusted |
|            |                         |                        |                       |  code (e.g., code that comes from the internet) and rely on the Java s |
|            |                         |                        |                       | andbox for security. This vulnerability can also be exploited by using |
|            |                         |                        |                       |  APIs in the specified Component, e.g., through a web service which su |
|            |                         |                        |                       | pplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts |
|            |                         |                        |                       |    ). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2019-2981    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: JAXP). Supported versions that are affected are Java SE |
|            |                         |                        |                       | : 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to e |
|            |                         |                        |                       | xploit vulnerability allows unauthenticated attacker with network acce |
|            |                         |                        |                       | ss via multiple protocols to compromise Java SE, Java SE Embedded. Suc |
|            |                         |                        |                       | cessful attacks of this vulnerability can result in unauthorized abili |
|            |                         |                        |                       | ty to cause a partial denial of service (partial DOS) of Java SE, Java |
|            |                         |                        |                       |  SE Embedded. Note: This vulnerability applies to Java deployments, ty |
|            |                         |                        |                       | pically in clients running sandboxed Java Web Start applications or sa |
|            |                         |                        |                       | ndboxed Java applets (in Java SE 8), that load and run untrusted code  |
|            |                         |                        |                       | (e.g., code that comes from the internet) and rely on the Java sandbox |
|            |                         |                        |                       |  for security. This vulnerability can also be exploited by using APIs  |
|            |                         |                        |                       | in the specified Component, e.g., through a web service which supplies |
|            |                         |                        |                       |  data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVS |
|            |                         |                        |                       |       S Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).        |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2019-2983    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Serialization). Supported versions that are affected ar |
|            |                         |                        |                       | e Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Diffi |
|            |                         |                        |                       | cult to exploit vulnerability allows unauthenticated attacker with net |
|            |                         |                        |                       | work access via multiple protocols to compromise Java SE, Java SE Embe |
|            |                         |                        |                       | dded. Successful attacks of this vulnerability can result in unauthori |
|            |                         |                        |                       | zed ability to cause a partial denial of service (partial DOS) of Java |
|            |                         |                        |                       |  SE, Java SE Embedded. Note: This vulnerability applies to Java deploy |
|            |                         |                        |                       | ments, typically in clients running sandboxed Java Web Start applicati |
|            |                         |                        |                       | ons or sandboxed Java applets (in Java SE 8), that load and run untrus |
|            |                         |                        |                       | ted code (e.g., code that comes from the internet) and rely on the Jav |
|            |                         |                        |                       | a sandbox for security. This vulnerability can also be exploited by us |
|            |                         |                        |                       | ing APIs in the specified Component, e.g., through a web service which |
|            |                         |                        |                       |  supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impa |
|            |                         |                        |                       |   cts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2019-2987    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE product of Oracle Java SE (component: 2D) |
|            |                         |                        |                       | . Supported versions that are affected are Java SE: 11.0.4 and 13. Dif |
|            |                         |                        |                       | ficult to exploit vulnerability allows unauthenticated attacker with n |
|            |                         |                        |                       | etwork access via multiple protocols to compromise Java SE. Successful |
|            |                         |                        |                       |  attacks of this vulnerability can result in unauthorized ability to c |
|            |                         |                        |                       | ause a partial denial of service (partial DOS) of Java SE. Note: This  |
|            |                         |                        |                       | vulnerability applies to Java deployments, typically in clients runnin |
|            |                         |                        |                       | g sandboxed Java Web Start applications or sandboxed Java applets (in  |
|            |                         |                        |                       | Java SE 8), that load and run untrusted code (e.g., code that comes fr |
|            |                         |                        |                       | om the internet) and rely on the Java sandbox for security. This vulne |
|            |                         |                        |                       | rability can also be exploited by using APIs in the specified Componen |
|            |                         |                        |                       | t, e.g., through a web service which supplies data to the APIs. CVSS 3 |
|            |                         |                        |                       | .0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/ |
|            |                         |                        |                       |                    AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).                    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2019-2988    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: 2D). Supported versions that are affected are Java SE:  |
|            |                         |                        |                       | 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exp |
|            |                         |                        |                       | loit vulnerability allows unauthenticated attacker with network access |
|            |                         |                        |                       |  via multiple protocols to compromise Java SE, Java SE Embedded. Succe |
|            |                         |                        |                       | ssful attacks of this vulnerability can result in unauthorized ability |
|            |                         |                        |                       |  to cause a partial denial of service (partial DOS) of Java SE, Java S |
|            |                         |                        |                       | E Embedded. Note: This vulnerability applies to Java deployments, typi |
|            |                         |                        |                       | cally in clients running sandboxed Java Web Start applications or sand |
|            |                         |                        |                       | boxed Java applets (in Java SE 8), that load and run untrusted code (e |
|            |                         |                        |                       | .g., code that comes from the internet) and rely on the Java sandbox f |
|            |                         |                        |                       | or security. This vulnerability does not apply to Java deployments, ty |
|            |                         |                        |                       | pically in servers, that load and run only trusted code (e.g., code in |
|            |                         |                        |                       | stalled by an administrator). CVSS 3.0 Base Score 3.7 (Availability im |
|            |                         |                        |                       |  pacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2019-2992    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: 2D). Supported versions that are affected are Java SE:  |
|            |                         |                        |                       | 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exp |
|            |                         |                        |                       | loit vulnerability allows unauthenticated attacker with network access |
|            |                         |                        |                       |  via multiple protocols to compromise Java SE, Java SE Embedded. Succe |
|            |                         |                        |                       | ssful attacks of this vulnerability can result in unauthorized ability |
|            |                         |                        |                       |  to cause a partial denial of service (partial DOS) of Java SE, Java S |
|            |                         |                        |                       | E Embedded. Note: This vulnerability applies to Java deployments, typi |
|            |                         |                        |                       | cally in clients running sandboxed Java Web Start applications or sand |
|            |                         |                        |                       | boxed Java applets (in Java SE 8), that load and run untrusted code (e |
|            |                         |                        |                       | .g., code that comes from the internet) and rely on the Java sandbox f |
|            |                         |                        |                       | or security. This vulnerability does not apply to Java deployments, ty |
|            |                         |                        |                       | pically in servers, that load and run only trusted code (e.g., code in |
|            |                         |                        |                       | stalled by an administrator). CVSS 3.0 Base Score 3.7 (Availability im |
|            |                         |                        |                       |  pacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2020-14577    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: JSSE). Supported versions that are affected are Java SE |
|            |                         |                        |                       | : 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult  |
|            |                         |                        |                       | to exploit vulnerability allows unauthenticated attacker with network  |
|            |                         |                        |                       | access via TLS to compromise Java SE, Java SE Embedded. Successful att |
|            |                         |                        |                       | acks of this vulnerability can result in unauthorized read access to a |
|            |                         |                        |                       |  subset of Java SE, Java SE Embedded accessible data. Note: Applies to |
|            |                         |                        |                       |  client and server deployment of Java. This vulnerability can be explo |
|            |                         |                        |                       | ited through sandboxed Java Web Start applications and sandboxed Java  |
|            |                         |                        |                       | applets. It can also be exploited by supplying data to APIs in the spe |
|            |                         |                        |                       | cified Component without using sandboxed Java Web Start applications o |
|            |                         |                        |                       | r sandboxed Java applets, such as through a web service. CVSS 3.1 Base |
|            |                         |                        |                       |  Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H |
|            |                         |                        |                       |                      /PR:N/UI:N/S:U/C:L/I:N/A:N).                      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2020-14578    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Libraries). Supported versions that are affected are Ja |
|            |                         |                        |                       | va SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit  |
|            |                         |                        |                       | vulnerability allows unauthenticated attacker with network access via  |
|            |                         |                        |                       | multiple protocols to compromise Java SE, Java SE Embedded. Successful |
|            |                         |                        |                       |  attacks of this vulnerability can result in unauthorized ability to c |
|            |                         |                        |                       | ause a partial denial of service (partial DOS) of Java SE, Java SE Emb |
|            |                         |                        |                       | edded. Note: Applies to client and server deployment of Java. This vul |
|            |                         |                        |                       | nerability can be exploited through sandboxed Java Web Start applicati |
|            |                         |                        |                       | ons and sandboxed Java applets. It can also be exploited by supplying  |
|            |                         |                        |                       | data to APIs in the specified Component without using sandboxed Java W |
|            |                         |                        |                       | eb Start applications or sandboxed Java applets, such as through a web |
|            |                         |                        |                       |  service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: |
|            |                         |                        |                       |             (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).            |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2020-14579    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Libraries). Supported versions that are affected are Ja |
|            |                         |                        |                       | va SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit  |
|            |                         |                        |                       | vulnerability allows unauthenticated attacker with network access via  |
|            |                         |                        |                       | multiple protocols to compromise Java SE, Java SE Embedded. Successful |
|            |                         |                        |                       |  attacks of this vulnerability can result in unauthorized ability to c |
|            |                         |                        |                       | ause a partial denial of service (partial DOS) of Java SE, Java SE Emb |
|            |                         |                        |                       | edded. Note: Applies to client and server deployment of Java. This vul |
|            |                         |                        |                       | nerability can be exploited through sandboxed Java Web Start applicati |
|            |                         |                        |                       | ons and sandboxed Java applets. It can also be exploited by supplying  |
|            |                         |                        |                       | data to APIs in the specified Component without using sandboxed Java W |
|            |                         |                        |                       | eb Start applications or sandboxed Java applets, such as through a web |
|            |                         |                        |                       |  service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: |
|            |                         |                        |                       |             (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).            |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2020-14581    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: 2D). Supported versions that are affected are Java SE:  |
|            |                         |                        |                       | 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploi |
|            |                         |                        |                       | t vulnerability allows unauthenticated attacker with network access vi |
|            |                         |                        |                       | a multiple protocols to compromise Java SE, Java SE Embedded. Successf |
|            |                         |                        |                       | ul attacks of this vulnerability can result in unauthorized read acces |
|            |                         |                        |                       | s to a subset of Java SE, Java SE Embedded accessible data. Note: Appl |
|            |                         |                        |                       | ies to client and server deployment of Java. This vulnerability can be |
|            |                         |                        |                       |  exploited through sandboxed Java Web Start applications and sandboxed |
|            |                         |                        |                       |  Java applets. It can also be exploited by supplying data to APIs in t |
|            |                         |                        |                       | he specified Component without using sandboxed Java Web Start applicat |
|            |                         |                        |                       | ions or sandboxed Java applets, such as through a web service. CVSS 3. |
|            |                         |                        |                       | 1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV: |
|            |                         |                        |                       |                   N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2020-14796    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Libraries). Supported versions that are affected are Ja |
|            |                         |                        |                       | va SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult |
|            |                         |                        |                       |  to exploit vulnerability allows unauthenticated attacker with network |
|            |                         |                        |                       |  access via multiple protocols to compromise Java SE, Java SE Embedded |
|            |                         |                        |                       | . Successful attacks require human interaction from a person other tha |
|            |                         |                        |                       | n the attacker. Successful attacks of this vulnerability can result in |
|            |                         |                        |                       |  unauthorized read access to a subset of Java SE, Java SE Embedded acc |
|            |                         |                        |                       | essible data. Note: This vulnerability applies to Java deployments, ty |
|            |                         |                        |                       | pically in clients running sandboxed Java Web Start applications or sa |
|            |                         |                        |                       | ndboxed Java applets, that load and run untrusted code (e.g., code tha |
|            |                         |                        |                       | t comes from the internet) and rely on the Java sandbox for security.  |
|            |                         |                        |                       | This vulnerability does not apply to Java deployments, typically in se |
|            |                         |                        |                       | rvers, that load and run only trusted code (e.g., code installed by an |
|            |                         |                        |                       |  administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CV |
|            |                         |                        |                       |       SS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).       |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2020-14798    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Libraries). Supported versions that are affected are Ja |
|            |                         |                        |                       | va SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult |
|            |                         |                        |                       |  to exploit vulnerability allows unauthenticated attacker with network |
|            |                         |                        |                       |  access via multiple protocols to compromise Java SE, Java SE Embedded |
|            |                         |                        |                       | . Successful attacks require human interaction from a person other tha |
|            |                         |                        |                       | n the attacker. Successful attacks of this vulnerability can result in |
|            |                         |                        |                       |  unauthorized update, insert or delete access to some of Java SE, Java |
|            |                         |                        |                       |  SE Embedded accessible data. Note: This vulnerability applies to Java |
|            |                         |                        |                       |  deployments, typically in clients running sandboxed Java Web Start ap |
|            |                         |                        |                       | plications or sandboxed Java applets, that load and run untrusted code |
|            |                         |                        |                       |  (e.g., code that comes from the internet) and rely on the Java sandbo |
|            |                         |                        |                       | x for security. This vulnerability does not apply to Java deployments, |
|            |                         |                        |                       |  typically in servers, that load and run only trusted code (e.g., code |
|            |                         |                        |                       |  installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity im |
|            |                         |                        |                       |  pacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2020-2583    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Serialization). Supported versions that are affected ar |
|            |                         |                        |                       | e Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. D |
|            |                         |                        |                       | ifficult to exploit vulnerability allows unauthenticated attacker with |
|            |                         |                        |                       |  network access via multiple protocols to compromise Java SE, Java SE  |
|            |                         |                        |                       | Embedded. Successful attacks of this vulnerability can result in unaut |
|            |                         |                        |                       | horized ability to cause a partial denial of service (partial DOS) of  |
|            |                         |                        |                       | Java SE, Java SE Embedded. Note: This vulnerability applies to Java de |
|            |                         |                        |                       | ployments, typically in clients running sandboxed Java Web Start appli |
|            |                         |                        |                       | cations or sandboxed Java applets (in Java SE 8), that load and run un |
|            |                         |                        |                       | trusted code (e.g., code that comes from the internet) and rely on the |
|            |                         |                        |                       |  Java sandbox for security. This vulnerability can also be exploited b |
|            |                         |                        |                       | y using APIs in the specified Component, e.g., through a web service w |
|            |                         |                        |                       | hich supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability  |
|            |                         |                        |                       | impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2020-2590    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Security). Supported versions that are affected are Jav |
|            |                         |                        |                       | a SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Diffic |
|            |                         |                        |                       | ult to exploit vulnerability allows unauthenticated attacker with netw |
|            |                         |                        |                       | ork access via Kerberos to compromise Java SE, Java SE Embedded. Succe |
|            |                         |                        |                       | ssful attacks of this vulnerability can result in unauthorized update, |
|            |                         |                        |                       |  insert or delete access to some of Java SE, Java SE Embedded accessib |
|            |                         |                        |                       | le data. Note: This vulnerability applies to Java deployments, typical |
|            |                         |                        |                       | ly in clients running sandboxed Java Web Start applications or sandbox |
|            |                         |                        |                       | ed Java applets (in Java SE 8), that load and run untrusted code (e.g. |
|            |                         |                        |                       | , code that comes from the internet) and rely on the Java sandbox for  |
|            |                         |                        |                       | security. This vulnerability can also be exploited by using APIs in th |
|            |                         |                        |                       | e specified Component, e.g., through a web service which supplies data |
|            |                         |                        |                       |  to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector |
|            |                         |                        |                       |           : (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).            |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2020-2654    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE product of Oracle Java SE (component: Lib |
|            |                         |                        |                       | raries). Supported versions that are affected are Java SE: 7u241, 8u23 |
|            |                         |                        |                       | 1, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauth |
|            |                         |                        |                       | enticated attacker with network access via multiple protocols to compr |
|            |                         |                        |                       | omise Java SE. Successful attacks of this vulnerability can result in  |
|            |                         |                        |                       | unauthorized ability to cause a partial denial of service (partial DOS |
|            |                         |                        |                       | ) of Java SE. Note: This vulnerability can only be exploited by supply |
|            |                         |                        |                       | ing data to APIs in the specified Component without using Untrusted Ja |
|            |                         |                        |                       | va Web Start applications or Untrusted Java applets, such as through a |
|            |                         |                        |                       |  web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vec |
|            |                         |                        |                       |          tor: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2020-2659    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Networking). Supported versions that are affected are J |
|            |                         |                        |                       | ava SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit |
|            |                         |                        |                       |  vulnerability allows unauthenticated attacker with network access via |
|            |                         |                        |                       |  multiple protocols to compromise Java SE, Java SE Embedded. Successfu |
|            |                         |                        |                       | l attacks of this vulnerability can result in unauthorized ability to  |
|            |                         |                        |                       | cause a partial denial of service (partial DOS) of Java SE, Java SE Em |
|            |                         |                        |                       | bedded. Note: This vulnerability applies to Java deployments, typicall |
|            |                         |                        |                       | y in clients running sandboxed Java Web Start applications or sandboxe |
|            |                         |                        |                       | d Java applets (in Java SE 8), that load and run untrusted code (e.g., |
|            |                         |                        |                       |  code that comes from the internet) and rely on the Java sandbox for s |
|            |                         |                        |                       | ecurity. This vulnerability can also be exploited by using APIs in the |
|            |                         |                        |                       |  specified Component, e.g., through a web service which supplies data  |
|            |                         |                        |                       | to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vect |
|            |                         |                        |                       |          or: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).           |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2020-2754    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Scripting). Supported versions that are affected are Ja |
|            |                         |                        |                       | va SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exp |
|            |                         |                        |                       | loit vulnerability allows unauthenticated attacker with network access |
|            |                         |                        |                       |  via multiple protocols to compromise Java SE, Java SE Embedded. Succe |
|            |                         |                        |                       | ssful attacks of this vulnerability can result in unauthorized ability |
|            |                         |                        |                       |  to cause a partial denial of service (partial DOS) of Java SE, Java S |
|            |                         |                        |                       | E Embedded. Note: Applies to client and server deployment of Java. Thi |
|            |                         |                        |                       | s vulnerability can be exploited through sandboxed Java Web Start appl |
|            |                         |                        |                       | ications and sandboxed Java applets. It can also be exploited by suppl |
|            |                         |                        |                       | ying data to APIs in the specified Component without using sandboxed J |
|            |                         |                        |                       | ava Web Start applications or sandboxed Java applets, such as through  |
|            |                         |                        |                       | a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Ve |
|            |                         |                        |                       |         ctor: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2020-2755    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Scripting). Supported versions that are affected are Ja |
|            |                         |                        |                       | va SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exp |
|            |                         |                        |                       | loit vulnerability allows unauthenticated attacker with network access |
|            |                         |                        |                       |  via multiple protocols to compromise Java SE, Java SE Embedded. Succe |
|            |                         |                        |                       | ssful attacks of this vulnerability can result in unauthorized ability |
|            |                         |                        |                       |  to cause a partial denial of service (partial DOS) of Java SE, Java S |
|            |                         |                        |                       | E Embedded. Note: Applies to client and server deployment of Java. Thi |
|            |                         |                        |                       | s vulnerability can be exploited through sandboxed Java Web Start appl |
|            |                         |                        |                       | ications and sandboxed Java applets. It can also be exploited by suppl |
|            |                         |                        |                       | ying data to APIs in the specified Component without using sandboxed J |
|            |                         |                        |                       | ava Web Start applications or sandboxed Java applets, such as through  |
|            |                         |                        |                       | a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Ve |
|            |                         |                        |                       |         ctor: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2020-2756    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Serialization). Supported versions that are affected ar |
|            |                         |                        |                       | e Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Diffi |
|            |                         |                        |                       | cult to exploit vulnerability allows unauthenticated attacker with net |
|            |                         |                        |                       | work access via multiple protocols to compromise Java SE, Java SE Embe |
|            |                         |                        |                       | dded. Successful attacks of this vulnerability can result in unauthori |
|            |                         |                        |                       | zed ability to cause a partial denial of service (partial DOS) of Java |
|            |                         |                        |                       |  SE, Java SE Embedded. Note: Applies to client and server deployment o |
|            |                         |                        |                       | f Java. This vulnerability can be exploited through sandboxed Java Web |
|            |                         |                        |                       |  Start applications and sandboxed Java applets. It can also be exploit |
|            |                         |                        |                       | ed by supplying data to APIs in the specified Component without using  |
|            |                         |                        |                       | sandboxed Java Web Start applications or sandboxed Java applets, such  |
|            |                         |                        |                       | as through a web service. CVSS 3.0 Base Score 3.7 (Availability impact |
|            |                         |                        |                       |    s). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2020-2757    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Serialization). Supported versions that are affected ar |
|            |                         |                        |                       | e Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Diffi |
|            |                         |                        |                       | cult to exploit vulnerability allows unauthenticated attacker with net |
|            |                         |                        |                       | work access via multiple protocols to compromise Java SE, Java SE Embe |
|            |                         |                        |                       | dded. Successful attacks of this vulnerability can result in unauthori |
|            |                         |                        |                       | zed ability to cause a partial denial of service (partial DOS) of Java |
|            |                         |                        |                       |  SE, Java SE Embedded. Note: Applies to client and server deployment o |
|            |                         |                        |                       | f Java. This vulnerability can be exploited through sandboxed Java Web |
|            |                         |                        |                       |  Start applications and sandboxed Java applets. It can also be exploit |
|            |                         |                        |                       | ed by supplying data to APIs in the specified Component without using  |
|            |                         |                        |                       | sandboxed Java Web Start applications or sandboxed Java applets, such  |
|            |                         |                        |                       | as through a web service. CVSS 3.0 Base Score 3.7 (Availability impact |
|            |                         |                        |                       |    s). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2020-2773    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java  |
|            |                         |                        |                       | SE (component: Security). Supported versions that are affected are Jav |
|            |                         |                        |                       | a SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult  |
|            |                         |                        |                       | to exploit vulnerability allows unauthenticated attacker with network  |
|            |                         |                        |                       | access via multiple protocols to compromise Java SE, Java SE Embedded. |
|            |                         |                        |                       |  Successful attacks of this vulnerability can result in unauthorized a |
|            |                         |                        |                       | bility to cause a partial denial of service (partial DOS) of Java SE,  |
|            |                         |                        |                       | Java SE Embedded. Note: Applies to client and server deployment of Jav |
|            |                         |                        |                       | a. This vulnerability can be exploited through sandboxed Java Web Star |
|            |                         |                        |                       | t applications and sandboxed Java applets. It can also be exploited by |
|            |                         |                        |                       |  supplying data to APIs in the specified Component without using sandb |
|            |                         |                        |                       | oxed Java Web Start applications or sandboxed Java applets, such as th |
|            |                         |                        |                       | rough a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). C |
|            |                         |                        |                       |      VSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).       |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2021-2163    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterpr |
|            |                         |                        |                       | ise Edition product of Oracle Java SE (component: Libraries). Supporte |
|            |                         |                        |                       | d versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; J |
|            |                         |                        |                       | ava SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20. |
|            |                         |                        |                       | 3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthen |
|            |                         |                        |                       | ticated attacker with network access via multiple protocols to comprom |
|            |                         |                        |                       | ise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Succ |
|            |                         |                        |                       | essful attacks require human interaction from a person other than the  |
|            |                         |                        |                       | attacker. Successful attacks of this vulnerability can result in unaut |
|            |                         |                        |                       | horized creation, deletion or modification access to critical data or  |
|            |                         |                        |                       | all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition acces |
|            |                         |                        |                       | sible data. Note: This vulnerability applies to Java deployments that  |
|            |                         |                        |                       | load and run untrusted code (e.g., code that comes from the internet)  |
|            |                         |                        |                       | and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (In |
|            |                         |                        |                       | tegrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I |
|            |                         |                        |                       |                                :H/A:N).                                |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2021-35588    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc |
|            |                         |                        |                       | t of Oracle Java SE (component: Hotspot). Supported versions that are  |
|            |                         |                        |                       | affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: |
|            |                         |                        |                       |  20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthen |
|            |                         |                        |                       | ticated attacker with network access via multiple protocols to comprom |
|            |                         |                        |                       | ise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks req |
|            |                         |                        |                       | uire human interaction from a person other than the attacker. Successf |
|            |                         |                        |                       | ul attacks of this vulnerability can result in unauthorized ability to |
|            |                         |                        |                       |  cause a partial denial of service (partial DOS) of Java SE, Oracle Gr |
|            |                         |                        |                       | aalVM Enterprise Edition. Note: This vulnerability applies to Java dep |
|            |                         |                        |                       | loyments, typically in clients running sandboxed Java Web Start applic |
|            |                         |                        |                       | ations or sandboxed Java applets, that load and run untrusted code (e. |
|            |                         |                        |                       | g., code that comes from the internet) and rely on the Java sandbox fo |
|            |                         |                        |                       | r security. This vulnerability can also be exploited by using APIs in  |
|            |                         |                        |                       | the specified Component, e.g., through a web service which supplies da |
|            |                         |                        |                       | ta to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS V |
|            |                         |                        |                       |         ector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2021-35603    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc |
|            |                         |                        |                       | t of Oracle Java SE (component: JSSE). Supported versions that are aff |
|            |                         |                        |                       | ected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterpris |
|            |                         |                        |                       | e Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allow |
|            |                         |                        |                       | s unauthenticated attacker with network access via TLS to compromise J |
|            |                         |                        |                       | ava SE, Oracle GraalVM Enterprise Edition. Successful attacks of this  |
|            |                         |                        |                       | vulnerability can result in unauthorized read access to a subset of Ja |
|            |                         |                        |                       | va SE, Oracle GraalVM Enterprise Edition accessible data. Note: This v |
|            |                         |                        |                       | ulnerability applies to Java deployments, typically in clients running |
|            |                         |                        |                       |  sandboxed Java Web Start applications or sandboxed Java applets, that |
|            |                         |                        |                       |  load and run untrusted code (e.g., code that comes from the internet) |
|            |                         |                        |                       |  and rely on the Java sandbox for security. This vulnerability can als |
|            |                         |                        |                       | o be exploited by using APIs in the specified Component, e.g., through |
|            |                         |                        |                       |  a web service which supplies data to the APIs. CVSS 3.1 Base Score 3. |
|            |                         |                        |                       | 7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI: |
|            |                         |                        |                       |                          N/S:U/C:L/I:N/A:N).                           |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Unknown DLA-2412-2    | openjdk-8-jre-headless |  8u171-b11-1~deb9u1   |                               DLA-2412-2                               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2022-1292  |        openssl         |    1.1.0f-3+deb9u2    | The c_rehash script does not properly sanitise shell metacharacters to |
|            |                         |                        |                       |  prevent command injection. This script is distributed by some operati |
|            |                         |                        |                       | ng systems in a manner where it is automatically executed. On such ope |
|            |                         |                        |                       | rating systems, an attacker could execute arbitrary commands with the  |
|            |                         |                        |                       | privileges of the script. Use of the c_rehash script is considered obs |
|            |                         |                        |                       | olete and should be replaced by the OpenSSL rehash command line tool.  |
|            |                         |                        |                       | Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL  |
|            |                         |                        |                       | 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0 |
|            |                         |                        |                       |                              .2-1.0.2zd).                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-0732    |        openssl         |    1.1.0f-3+deb9u2    | During key agreement in a TLS handshake using a DH(E) based ciphersuit |
|            |                         |                        |                       | e a malicious server can send a very large prime value to the client.  |
|            |                         |                        |                       | This will cause the client to spend an unreasonably long period of tim |
|            |                         |                        |                       | e generating a key for this prime resulting in a hang until the client |
|            |                         |                        |                       |  has finished. This could be exploited in a Denial Of Service attack.  |
|            |                         |                        |                       | Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL  |
|            |                         |                        |                       |                  1.0.2p-dev (Affected 1.0.2-1.0.2o).                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2019-1543    |        openssl         |    1.1.0f-3+deb9u2    | ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input |
|            |                         |                        |                       |  for every encryption operation. RFC 7539 specifies that the nonce val |
|            |                         |                        |                       | ue (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce  |
|            |                         |                        |                       | length and front pads the nonce with 0 bytes if it is less than 12 byt |
|            |                         |                        |                       | es. However it also incorrectly allows a nonce to be set of up to 16 b |
|            |                         |                        |                       | ytes. In this case only the last 12 bytes are significant and any addi |
|            |                         |                        |                       | tional leading bytes are ignored. It is a requirement of using this ci |
|            |                         |                        |                       | pher that nonce values are unique. Messages encrypted using a reused n |
|            |                         |                        |                       | once value are susceptible to serious confidentiality and integrity at |
|            |                         |                        |                       | tacks. If an application changes the default nonce length to be longer |
|            |                         |                        |                       |  than 12 bytes and then makes a change to the leading bytes of the non |
|            |                         |                        |                       | ce expecting the new value to be a new unique nonce then such an appli |
|            |                         |                        |                       | cation could inadvertently encrypt messages with a reused nonce. Addit |
|            |                         |                        |                       | ionally the ignored bytes in a long nonce are not covered by the integ |
|            |                         |                        |                       | rity guarantee of this cipher. Any application that relies on the inte |
|            |                         |                        |                       | grity of these ignored leading bytes of a long nonce may be further af |
|            |                         |                        |                       | fected. Any OpenSSL internal use of this cipher, including in SSL/TLS, |
|            |                         |                        |                       |  is safe because no such use sets such a long nonce value. However use |
|            |                         |                        |                       | r applications that use this cipher directly and set a non-default non |
|            |                         |                        |                       | ce length to be longer than 12 bytes may be vulnerable. OpenSSL versio |
|            |                         |                        |                       | ns 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scop |
|            |                         |                        |                       | e of affected deployments this has been assessed as low severity and t |
|            |                         |                        |                       | herefore we are not creating new releases at this time. Fixed in OpenS |
|            |                         |                        |                       | SL 1.1.1c (Affected 1.1.1-1.1.1b). Fixed in OpenSSL 1.1.0k (Affected 1 |
|            |                         |                        |                       |                             .1.0-1.1.0j).                              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2021-23840   |        openssl         |    1.1.0f-3+deb9u2    | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may |
|            |                         |                        |                       |  overflow the output length argument in some cases where the input len |
|            |                         |                        |                       | gth is close to the maximum permissable length for an integer on the p |
|            |                         |                        |                       | latform. In such cases the return value from the function call will be |
|            |                         |                        |                       |  1 (indicating success), but the output length value will be negative. |
|            |                         |                        |                       |  This could cause applications to behave incorrectly or crash. OpenSSL |
|            |                         |                        |                       |  versions 1.1.1i and below are affected by this issue. Users of these  |
|            |                         |                        |                       | versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and |
|            |                         |                        |                       |  below are affected by this issue. However OpenSSL 1.0.2 is out of sup |
|            |                         |                        |                       | port and no longer receiving public updates. Premium support customers |
|            |                         |                        |                       |  of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade |
|            |                         |                        |                       |  to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in  |
|            |                         |                        |                       |                OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2021-3712    |        openssl         |    1.1.0f-3+deb9u2    | ASN.1 strings are represented internally within OpenSSL as an ASN1_STR |
|            |                         |                        |                       | ING structure which contains a buffer holding the string data and a fi |
|            |                         |                        |                       | eld holding the buffer length. This contrasts with normal C strings wh |
|            |                         |                        |                       | ich are repesented as a buffer for the string data which is terminated |
|            |                         |                        |                       |  with a NUL (0) byte. Although not a strict requirement, ASN.1 strings |
|            |                         |                        |                       |  that are parsed using OpenSSL's own "d2i" functions (and other simila |
|            |                         |                        |                       | r parsing functions) as well as any string whose value has been set wi |
|            |                         |                        |                       | th the ASN1_STRING_set() function will additionally NUL terminate the  |
|            |                         |                        |                       | byte array in the ASN1_STRING structure. However, it is possible for a |
|            |                         |                        |                       | pplications to directly construct valid ASN1_STRING structures which d |
|            |                         |                        |                       | o not NUL terminate the byte array by directly setting the "data" and  |
|            |                         |                        |                       | "length" fields in the ASN1_STRING array. This can also happen by usin |
|            |                         |                        |                       | g the ASN1_STRING_set0() function. Numerous OpenSSL functions that pri |
|            |                         |                        |                       | nt ASN.1 data have been found to assume that the ASN1_STRING byte arra |
|            |                         |                        |                       | y will be NUL terminated, even though this is not guaranteed for strin |
|            |                         |                        |                       | gs that have been directly constructed. Where an application requests  |
|            |                         |                        |                       | an ASN.1 structure to be printed, and where that ASN.1 structure conta |
|            |                         |                        |                       | ins ASN1_STRINGs that have been directly constructed by the applicatio |
|            |                         |                        |                       | n without NUL terminating the "data" field, then a read buffer overrun |
|            |                         |                        |                       |  can occur. The same thing can also occur during name constraints proc |
|            |                         |                        |                       | essing of certificates (for example if a certificate has been directly |
|            |                         |                        |                       |  constructed by the application instead of loading it via the OpenSSL  |
|            |                         |                        |                       | parsing functions, and the certificate contains non NUL terminated ASN |
|            |                         |                        |                       | 1_STRING structures). It can also occur in the X509_get1_email(), X509 |
|            |                         |                        |                       | _REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor |
|            |                         |                        |                       |  can cause an application to directly construct an ASN1_STRING and the |
|            |                         |                        |                       | n process it through one of the affected OpenSSL functions then this i |
|            |                         |                        |                       | ssue could be hit. This might result in a crash (causing a Denial of S |
|            |                         |                        |                       | ervice attack). It could also result in the disclosure of private memo |
|            |                         |                        |                       | ry contents (such as private keys, or sensitive plaintext). Fixed in O |
|            |                         |                        |                       | penSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affec |
|            |                         |                        |                       |                           ted 1.0.2-1.0.2y).                           |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2022-0778    |        openssl         |    1.1.0f-3+deb9u2    | The BN_mod_sqrt() function, which computes a modular square root, cont |
|            |                         |                        |                       | ains a bug that can cause it to loop forever for non-prime moduli. Int |
|            |                         |                        |                       | ernally this function is used when parsing certificates that contain e |
|            |                         |                        |                       | lliptic curve public keys in compressed form or explicit elliptic curv |
|            |                         |                        |                       | e parameters with a base point encoded in compressed form. It is possi |
|            |                         |                        |                       | ble to trigger the infinite loop by crafting a certificate that has in |
|            |                         |                        |                       | valid explicit curve parameters. Since certificate parsing happens pri |
|            |                         |                        |                       | or to verification of the certificate signature, any process that pars |
|            |                         |                        |                       | es an externally supplied certificate may thus be subject to a denial  |
|            |                         |                        |                       | of service attack. The infinite loop can also be reached when parsing  |
|            |                         |                        |                       | crafted private keys as they can contain explicit elliptic curve param |
|            |                         |                        |                       | eters. Thus vulnerable situations include: - TLS clients consuming ser |
|            |                         |                        |                       | ver certificates - TLS servers consuming client certificates - Hosting |
|            |                         |                        |                       |  providers taking certificates or private keys from customers - Certif |
|            |                         |                        |                       | icate authorities parsing certification requests from subscribers - An |
|            |                         |                        |                       | ything else which parses ASN.1 elliptic curve parameters Also any othe |
|            |                         |                        |                       | r applications that use the BN_mod_sqrt() where the attacker can contr |
|            |                         |                        |                       | ol the parameter values are vulnerable to this DoS issue. In the OpenS |
|            |                         |                        |                       | SL 1.0.2 version the public key is not parsed during initial parsing o |
|            |                         |                        |                       | f the certificate which makes it slightly harder to trigger the infini |
|            |                         |                        |                       | te loop. However any operation which requires the public key from the  |
|            |                         |                        |                       | certificate will trigger the infinite loop. In particular the attacker |
|            |                         |                        |                       |  can use a self-signed certificate to trigger the loop during verifica |
|            |                         |                        |                       | tion of the certificate signature. This issue affects OpenSSL versions |
|            |                         |                        |                       |  1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and  |
|            |                         |                        |                       | 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3 |
|            |                         |                        |                       | .0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenS |
|            |                         |                        |                       |                  SL 1.0.2zd (Affected 1.0.2-1.0.2zc).                  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-0734   |        openssl         |    1.1.0f-3+deb9u2    | The OpenSSL DSA signature algorithm has been shown to be vulnerable to |
|            |                         |                        |                       |  a timing side channel attack. An attacker could use variations in the |
|            |                         |                        |                       |  signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a |
|            |                         |                        |                       |  (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fi |
|            |                         |                        |                       |             xed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-0735   |        openssl         |    1.1.0f-3+deb9u2    | The OpenSSL ECDSA signature algorithm has been shown to be vulnerable  |
|            |                         |                        |                       | to a timing side channel attack. An attacker could use variations in t |
|            |                         |                        |                       | he signing algorithm to recover the private key. Fixed in OpenSSL 1.1. |
|            |                         |                        |                       | 0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-0737   |        openssl         |    1.1.0f-3+deb9u2    | The OpenSSL RSA Key generation algorithm has been shown to be vulnerab |
|            |                         |                        |                       | le to a cache timing side channel attack. An attacker with sufficient  |
|            |                         |                        |                       | access to mount cache timing attacks during the RSA key generation pro |
|            |                         |                        |                       | cess could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affec |
|            |                         |                        |                       | ted 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o |
|            |                         |                        |                       |                                   ).                                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-5407   |        openssl         |    1.1.0f-3+deb9u2    | Simultaneous Multi-threading (SMT) in processors can enable local user |
|            |                         |                        |                       | s to exploit software vulnerable to timing attacks via a side-channel  |
|            |                         |                        |                       |                  timing attack on 'port contention'.                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-1547   |        openssl         |    1.1.0f-3+deb9u2    | Normally in OpenSSL EC groups always have a co-factor present and this |
|            |                         |                        |                       |  is used in side channel resistant code paths. However, in some cases, |
|            |                         |                        |                       |  it is possible to construct a group using explicit parameters (instea |
|            |                         |                        |                       | d of using a named curve). In those cases it is possible that such a g |
|            |                         |                        |                       | roup does not have the cofactor present. This can occur even where all |
|            |                         |                        |                       |  the parameters match a known named curve. If such a curve is used the |
|            |                         |                        |                       | n OpenSSL falls back to non-side channel resistant code paths which ma |
|            |                         |                        |                       | y result in full key recovery during an ECDSA signature operation. In  |
|            |                         |                        |                       | order to be vulnerable an attacker would have to have the ability to t |
|            |                         |                        |                       | ime the creation of a large number of signatures where explicit parame |
|            |                         |                        |                       | ters with no co-factor present are in use by an application using libc |
|            |                         |                        |                       | rypto. For the avoidance of doubt libssl is not vulnerable because exp |
|            |                         |                        |                       | licit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1 |
|            |                         |                        |                       | .1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in  |
|            |                         |                        |                       |                OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2019-1551   |        openssl         |    1.1.0f-3+deb9u2    | There is an overflow bug in the x64_64 Montgomery squaring procedure u |
|            |                         |                        |                       | sed in exponentiation with 512-bit moduli. No EC algorithms are affect |
|            |                         |                        |                       | ed. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RS |
|            |                         |                        |                       | A1536, and DSA1024 as a result of this defect would be very difficult  |
|            |                         |                        |                       | to perform and are not believed likely. Attacks against DH512 are cons |
|            |                         |                        |                       | idered just feasible. However, for an attack the target would have to  |
|            |                         |                        |                       | re-use the DH512 private key, which is not recommended anyway. Also ap |
|            |                         |                        |                       | plications directly using the low level API BN_mod_exp may be affected |
|            |                         |                        |                       |  if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1 |
|            |                         |                        |                       |       -1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).       |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2020-1971   |        openssl         |    1.1.0f-3+deb9u2    | The X.509 GeneralName type is a generic type for representing differen |
|            |                         |                        |                       | t types of names. One of those name types is known as EDIPartyName. Op |
|            |                         |                        |                       | enSSL provides a function GENERAL_NAME_cmp which compares different in |
|            |                         |                        |                       | stances of a GENERAL_NAME to see if they are equal or not. This functi |
|            |                         |                        |                       | on behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME |
|            |                         |                        |                       | . A NULL pointer dereference and a crash may occur leading to a possib |
|            |                         |                        |                       | le denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp  |
|            |                         |                        |                       | function for two purposes: 1) Comparing CRL distribution point names b |
|            |                         |                        |                       | etween an available CRL and a CRL distribution point embedded in an X5 |
|            |                         |                        |                       | 09 certificate 2) When verifying that a timestamp response token signe |
|            |                         |                        |                       | r matches the timestamp authority name (exposed via the API functions  |
|            |                         |                        |                       | TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can c |
|            |                         |                        |                       | ontrol both items being compared then that attacker could trigger a cr |
|            |                         |                        |                       | ash. For example if the attacker can trick a client or server into che |
|            |                         |                        |                       | cking a malicious certificate against a malicious CRL then this may oc |
|            |                         |                        |                       | cur. Note that some applications automatically download CRLs based on  |
|            |                         |                        |                       | a URL embedded in a certificate. This checking happens prior to the si |
|            |                         |                        |                       | gnatures on the certificate and CRL being verified. OpenSSL's s_server |
|            |                         |                        |                       | , s_client and verify tools have support for the "-crl_download" optio |
|            |                         |                        |                       | n which implements automatic CRL downloading and this attack has been  |
|            |                         |                        |                       | demonstrated to work against those tools. Note that an unrelated bug m |
|            |                         |                        |                       | eans that affected versions of OpenSSL cannot parse or construct corre |
|            |                         |                        |                       | ct encodings of EDIPARTYNAME. However it is possible to construct a ma |
|            |                         |                        |                       | lformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigg |
|            |                         |                        |                       | er this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by t |
|            |                         |                        |                       | his issue. Other OpenSSL releases are out of support and have not been |
|            |                         |                        |                       |  checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in Op |
|            |                         |                        |                       |                 enSSL 1.0.2x (Affected 1.0.2-1.0.2w).                  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-23841  |        openssl         |    1.1.0f-3+deb9u2    | The OpenSSL public API function X509_issuer_and_serial_hash() attempts |
|            |                         |                        |                       |  to create a unique hash value based on the issuer and serial number d |
|            |                         |                        |                       | ata contained within an X509 certificate. However it fails to correctl |
|            |                         |                        |                       | y handle any errors that may occur while parsing the issuer field (whi |
|            |                         |                        |                       | ch might occur if the issuer field is maliciously constructed). This m |
|            |                         |                        |                       | ay subsequently result in a NULL pointer deref and a crash leading to  |
|            |                         |                        |                       | a potential denial of service attack. The function X509_issuer_and_ser |
|            |                         |                        |                       | ial_hash() is never directly called by OpenSSL itself so applications  |
|            |                         |                        |                       | are only vulnerable if they use this function directly and they use it |
|            |                         |                        |                       |  on certificates that may have been obtained from untrusted sources. O |
|            |                         |                        |                       | penSSL versions 1.1.1i and below are affected by this issue. Users of  |
|            |                         |                        |                       | these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0. |
|            |                         |                        |                       | 2x and below are affected by this issue. However OpenSSL 1.0.2 is out  |
|            |                         |                        |                       | of support and no longer receiving public updates. Premium support cus |
|            |                         |                        |                       | tomers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should u |
|            |                         |                        |                       | pgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fix |
|            |                         |                        |                       |             ed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2021-4160   |        openssl         |    1.1.0f-3+deb9u2    | There is a carry propagation bug in the MIPS32 and MIPS64 squaring pro |
|            |                         |                        |                       | cedure. Many EC algorithms are affected, including some of the TLS 1.3 |
|            |                         |                        |                       |  default curves. Impact was not analyzed in detail, because the pre-re |
|            |                         |                        |                       | quisites for attack are considered unlikely and include reusing privat |
|            |                         |                        |                       | e keys. Analysis suggests that attacks against RSA and DSA as a result |
|            |                         |                        |                       |  of this defect would be very difficult to perform and are not believe |
|            |                         |                        |                       | d likely. Attacks against DH are considered just feasible (although ve |
|            |                         |                        |                       | ry difficult) because most of the work necessary to deduce information |
|            |                         |                        |                       |  about a private key may be performed offline. The amount of resources |
|            |                         |                        |                       |  required for such an attack would be significant. However, for an att |
|            |                         |                        |                       | ack on TLS to be meaningful, the server would have to share the DH pri |
|            |                         |                        |                       | vate key among multiple clients, which is no longer an option since CV |
|            |                         |                        |                       | E-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. |
|            |                         |                        |                       | 0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of |
|            |                         |                        |                       |  December 2021. For the 1.0.2 release it is addressed in git commit 6f |
|            |                         |                        |                       | c1aaaf3 that is available to premium support customers only. It will b |
|            |                         |                        |                       | e made available in 1.0.2zc when it is released. The issue only affect |
|            |                         |                        |                       | s OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).  |
|            |                         |                        |                       | Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0. |
|            |                         |                        |                       |                   2zc-dev (Affected 1.0.2-1.0.2zb).                    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2019-1563    |        openssl         |    1.1.0f-3+deb9u2    | In situations where an attacker receives automated notification of the |
|            |                         |                        |                       |  success or failure of a decryption attempt an attacker, after sending |
|            |                         |                        |                       |  a very large number of messages to be decrypted, can recover a CMS/PK |
|            |                         |                        |                       | CS7 transported encryption key or decrypt any RSA encrypted message th |
|            |                         |                        |                       | at was encrypted with the public RSA key, using a Bleichenbacher paddi |
|            |                         |                        |                       | ng oracle attack. Applications are not affected if they use a certific |
|            |                         |                        |                       | ate together with the private RSA key to the CMS_decrypt or PKCS7_decr |
|            |                         |                        |                       | ypt functions to select the correct recipient info to decrypt. Fixed i |
|            |                         |                        |                       | n OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Aff |
|            |                         |                        |                       | ected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2017-12424 |         passwd         |       1:4.4-4.1       | In shadow before 4.5, the newusers tool could be made to manipulate in |
|            |                         |                        |                       | ternal data structures in ways unintended by the authors. Malformed in |
|            |                         |                        |                       | put may lead to crashes (with a buffer overflow or other memory corrup |
|            |                         |                        |                       | tion) or other unspecified behaviors. This crosses a privilege boundar |
|            |                         |                        |                       | y in, for example, certain web-hosting environments in which a Control |
|            |                         |                        |                       |    Panel allows an unprivileged user account to create subaccounts.    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2017-20002   |         passwd         |       1:4.4-4.1       | The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists  |
|            |                         |                        |                       | pts/0 and pts/1 as physical terminals in /etc/securetty. This allows l |
|            |                         |                        |                       | ocal users to login as password-less users even if they are connected  |
|            |                         |                        |                       | by non-physical means such as SSH (hence bypassing PAM's nullok_secure |
|            |                         |                        |                       |  configuration). This notably affects environments such as virtual mac |
|            |                         |                        |                       | hines automatically generated with a default blank root password, allo |
|            |                         |                        |                       |              wing all local users to escalate privileges.              |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |    Low CVE-2018-7169    |         passwd         |       1:4.4-4.1       | An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is  |
|            |                         |                        |                       | setuid and allows an unprivileged user to be placed in a user namespac |
|            |                         |                        |                       | e where setgroups(2) is permitted. This allows an attacker to remove t |
|            |                         |                        |                       | hemselves from a supplementary group, which may allow access to certai |
|            |                         |                        |                       | n filesystem paths if the administrator has used "group blacklisting"  |
|            |                         |                        |                       | (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively |
|            |                         |                        |                       |  reverts a security feature in the kernel (in particular, the /proc/se |
|            |                         |                        |                       |    lf/setgroups knob) to prevent this sort of privilege escalation.    |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2018-18311 |       perl-base        |    5.24.1-3+deb9u3    | Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via  |
|            |                         |                        |                       |  a crafted regular expression that triggers invalid write operations.  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2018-18312 |       perl-base        |    5.24.1-3+deb9u3    | Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via  |
|            |                         |                        |                       |  a crafted regular expression that triggers invalid write operations.  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2018-18313 |       perl-base        |    5.24.1-3+deb9u3    | Perl before 5.26.3 has a buffer over-read via a crafted regular expres |
|            |                         |                        |                       | sion that triggers disclosure of sensitive information from process me |
|            |                         |                        |                       |                                 mory.                                  |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2018-18314 |       perl-base        |    5.24.1-3+deb9u3    | Perl before 5.26.3 has a buffer overflow via a crafted regular express |
|            |                         |                        |                       |              ion that triggers invalid write operations.               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-12015   |       perl-base        |    5.24.1-3+deb9u3    | In Perl through 5.26.2, the Archive::Tar module allows remote attacker |
|            |                         |                        |                       | s to bypass a directory-traversal protection mechanism, and overwrite  |
|            |                         |                        |                       | arbitrary files, via an archive file containing a symlink and a regula |
|            |                         |                        |                       |                       r file with the same name.                       |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-10543   |       perl-base        |    5.24.1-3+deb9u3    | Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer over |
|            |                         |                        |                       | flow because nested regular expression quantifiers have an integer ove |
|            |                         |                        |                       |                                 rflow.                                 |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-10878   |       perl-base        |    5.24.1-3+deb9u3    | Perl before 5.30.3 has an integer overflow related to mishandling of a |
|            |                         |                        |                       |  "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expressio |
|            |                         |                        |                       | n could lead to malformed bytecode with a possibility of instruction i |
|            |                         |                        |                       |                               njection.                                |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-12723   |       perl-base        |    5.24.1-3+deb9u3    | regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted |
|            |                         |                        |                       |      regular expression because of recursive S_study_chunk calls.      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2020-16156   |       perl-base        |    5.24.1-3+deb9u3    |            CPAN 2.28 allows Signature Verification Bypass.             |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  Medium CVE-2018-20482  |          tar           |       1.29b-1.1       | GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage |
|            |                         |                        |                       |  during read access, which allows local users to cause a denial of ser |
|            |                         |                        |                       | vice (infinite read loop in sparse_dump_region in sparse.c) by modifyi |
|            |                         |                        |                       | ng a file that is supposed to be archived by a different user's proces |
|            |                         |                        |                       |               s (e.g., a system backup running as root).               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Unknown DLA-2424-1    |         tzdata         |    2018d-0+deb9u1     |                               DLA-2424-1                               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Unknown DLA-2509-1    |         tzdata         |    2018d-0+deb9u1     |                               DLA-2509-1                               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Unknown DLA-2542-1    |         tzdata         |    2018d-0+deb9u1     |                               DLA-2542-1                               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Unknown DLA-2797-1    |         tzdata         |    2018d-0+deb9u1     |                               DLA-2797-1                               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Unknown DLA-2963-1    |         tzdata         |    2018d-0+deb9u1     |                               DLA-2963-1                               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Unknown DLA-3051-1    |         tzdata         |    2018d-0+deb9u1     |                               DLA-3051-1                               |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |  High CVE-2018-1000035  |         unzip          |        6.0-21         | A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00  |
|            |                         |                        |                       | in the processing of password-protected archives that allows an attack |
|            |                         |                        |                       | er to perform a denial of service or to possibly achieve code executio |
|            |                         |                        |                       |                                   n.                                   |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2019-13232    |         unzip          |        6.0-21         | Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP co |
|            |                         |                        |                       | ntainer, leading to denial of service (resource consumption), aka a "b |
|            |                         |                        |                       |                         etter zip bomb" issue.                         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2016-2779    |       util-linux       |    2.29.2-1+deb9u1    | runuser in util-linux allows local users to escape to the parent sessi |
|            |                         |                        |                       | on via a crafted TIOCSTI ioctl call, which pushes characters to the te |
|            |                         |                        |                       |                         rminal's input buffer.                         |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   Low CVE-2021-37600    |       util-linux       |    2.29.2-1+deb9u1    | An integer overflow in util-linux through 2.37.1 can potentially cause |
|            |                         |                        |                       |  a buffer overflow if an attacker were able to use system resources in |
|            |                         |                        |                       |  a way that leads to a large number in the /proc/sysvipc/sem file. NOT |
|            |                         |                        |                       | E: this is unexploitable in GNU C Library environments, and possibly i |
|            |                         |                        |                       |                     n all realistic environments.                      |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2022-1271    |        xz-utils        |     5.2.2-1.2+b1      | An arbitrary file write vulnerability was found in GNU gzip's zgrep ut |
|            |                         |                        |                       | ility. When zgrep is applied on the attacker's chosen file name (for e |
|            |                         |                        |                       | xample, a crafted file name), this can overwrite an attacker's content |
|            |                         |                        |                       |  to an arbitrary attacker-selected file. This flaw occurs due to insuf |
|            |                         |                        |                       | ficient validation when processing filenames with two or more newlines |
|            |                         |                        |                       |  where selected content and the target file names are embedded in craf |
|            |                         |                        |                       | ted multi-line file names. This flaw allows a remote, low privileged a |
|            |                         |                        |                       |     ttacker to force zgrep to write arbitrary files on the system.     |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
| Unapproved |   High CVE-2018-25032   |         zlib1g         |    1:1.2.8.dfsg-5     | zlib before 1.2.12 allows memory corruption when deflating (i.e., when |
|            |                         |                        |                       |           compressing) if the input has many distant matches.          |
+------------+-------------------------+------------------------+-----------------------+------------------------------------------------------------------------+
[INFO] [2024-03-22 02:45:47 +0000] [container-scanning]  >  Scanning container from registry registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0 for vulnerabilities with severity level UNKNOWN or higher, with gcs 6.7.0 and Trivy Version: 0.49.1, advisories updated at 2024-03-21T04:28:14+00:00

[INFO] [2024-03-22 02:46:06 +0000] [container-scanning]  >  Scanning container from registry registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0 for vulnerabilities with severity level UNKNOWN or higher, with gcs 6.7.0 and Trivy Version: 0.49.1, advisories updated at 2024-03-21T04:28:14+00:00

section_end:1711075571:step_script
section_start:1711075571:upload_artifacts_on_success
Uploading artifacts for successful job
Uploading artifacts...
gl-container-scanning-report.json: found 1 matching artifact files and directories 
gl-dependency-scanning-report.json: found 1 matching artifact files and directories 
**/gl-sbom-*.cdx.json: found 1 matching artifact files and directories 
WARNING: Upload request redirected                  location=https://gitlab.com/api/v4/jobs/6453054504/artifacts?artifact_format=zip&artifact_type=archive new-url=https://gitlab.com
WARNING: Retrying...                                context=artifacts-uploader error=request redirected
Uploading artifacts as "archive" to coordinator... 201 Created  id=6453054504 responseStatus=201 Created token=glcbt-65
Uploading artifacts...
**/gl-sbom-*.cdx.json: found 1 matching artifact files and directories 
WARNING: Upload request redirected                  location=https://gitlab.com/api/v4/jobs/6453054504/artifacts?artifact_format=gzip&artifact_type=cyclonedx new-url=https://gitlab.com
WARNING: Retrying...                                context=artifacts-uploader error=request redirected
Uploading artifacts as "cyclonedx" to coordinator... 201 Created  id=6453054504 responseStatus=201 Created token=glcbt-65
Uploading artifacts...
gl-container-scanning-report.json: found 1 matching artifact files and directories 
WARNING: Upload request redirected                  location=https://gitlab.com/api/v4/jobs/6453054504/artifacts?artifact_format=raw&artifact_type=container_scanning new-url=https://gitlab.com
WARNING: Retrying...                                context=artifacts-uploader error=request redirected
Uploading artifacts as "container_scanning" to coordinator... 201 Created  id=6453054504 responseStatus=201 Created token=glcbt-65
Uploading artifacts...
gl-dependency-scanning-report.json: found 1 matching artifact files and directories 
WARNING: Upload request redirected                  location=https://gitlab.com/api/v4/jobs/6453054504/artifacts?artifact_format=raw&artifact_type=dependency_scanning new-url=https://gitlab.com
WARNING: Retrying...                                context=artifacts-uploader error=request redirected
Uploading artifacts as "dependency_scanning" to coordinator... 201 Created  id=6453054504 responseStatus=201 Created token=glcbt-65
section_end:1711075579:upload_artifacts_on_success
section_start:1711075579:cleanup_file_variables
Cleaning up project directory and file based variables
section_end:1711075580:cleanup_file_variables
Job succeeded