{ "LayerCount":14, "Vulnerabilities":{ "High":[ { "Name":"CVE-2016-9427", "NamespaceName":"debian:9", "Description":"Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.", "Link":"https://security-tracker.debian.org/tracker/CVE-2016-9427", "Severity":"High", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":7.5, "Vectors":"AV:N/AC:L/Au:N/C:P/I:P" } } }, "FeatureName":"libgc", "FeatureVersion":"1:7.4.2-8" }, { "Name":"CVE-2017-14062", "NamespaceName":"debian:9", "Description":"Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.", "Link":"https://security-tracker.debian.org/tracker/CVE-2017-14062", "Severity":"High", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":7.5, "Vectors":"AV:N/AC:L/Au:N/C:P/I:P" } } }, "FeatureName":"libidn", "FeatureVersion":"1.33-1" }, { "Name":"CVE-2018-6954", "NamespaceName":"debian:9", "Description":"systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-6954", "Severity":"High", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":7.2, "Vectors":"AV:L/AC:L/Au:N/C:C/I:C" } } }, "FeatureName":"systemd", "FeatureVersion":"232-25+deb9u8" }, { "Name":"CVE-2018-15686", "NamespaceName":"debian:9", "Description":"A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-15686", "Severity":"High", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":10, "Vectors":"AV:N/AC:L/Au:N/C:C/I:C" } } }, "FeatureName":"systemd", "FeatureVersion":"232-25+deb9u8" }, { "Name":"CVE-2016-2779", "NamespaceName":"debian:9", "Description":"runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", "Link":"https://security-tracker.debian.org/tracker/CVE-2016-2779", "Severity":"High", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":7.2, "Vectors":"AV:L/AC:L/Au:N/C:C/I:C" } } }, "FeatureName":"util-linux", "FeatureVersion":"2.29.2-1+deb9u1" }, { "Name":"CVE-2017-18269", "NamespaceName":"debian:9", "Description":"An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.", "Link":"https://security-tracker.debian.org/tracker/CVE-2017-18269", "Severity":"High", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":7.5, "Vectors":"AV:N/AC:L/Au:N/C:P/I:P" } } }, "FixedBy":"2.24-11+deb9u4", "FeatureName":"glibc", "FeatureVersion":"2.24-11+deb9u3" }, { "Name":"CVE-2018-1000001", "NamespaceName":"debian:9", "Description":"In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-1000001", "Severity":"High", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":7.2, "Vectors":"AV:L/AC:L/Au:N/C:C/I:C" } } }, "FeatureName":"glibc", "FeatureVersion":"2.24-11+deb9u3" }, { "Name":"CVE-2017-15670", "NamespaceName":"debian:9", "Description":"The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.", "Link":"https://security-tracker.debian.org/tracker/CVE-2017-15670", "Severity":"High", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":7.5, "Vectors":"AV:N/AC:L/Au:N/C:P/I:P" } } }, "FixedBy":"2.24-11+deb9u4", "FeatureName":"glibc", "FeatureVersion":"2.24-11+deb9u3" }, { "Name":"CVE-2017-1000408", "NamespaceName":"debian:9", "Description":"A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.", "Link":"https://security-tracker.debian.org/tracker/CVE-2017-1000408", "Severity":"High", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":7.2, "Vectors":"AV:L/AC:L/Au:N/C:C/I:C" } } }, "FixedBy":"2.24-11+deb9u4", "FeatureName":"glibc", "FeatureVersion":"2.24-11+deb9u3" }, { "Name":"CVE-2019-9169", "NamespaceName":"debian:9", "Description":"In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", "Link":"https://security-tracker.debian.org/tracker/CVE-2019-9169", "Severity":"High", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":7.5, "Vectors":"AV:N/AC:L/Au:N/C:P/I:P" } } }, "FeatureName":"glibc", "FeatureVersion":"2.24-11+deb9u3" }, { "Name":"CVE-2018-6485", "NamespaceName":"debian:9", "Description":"An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-6485", "Severity":"High", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":7.5, "Vectors":"AV:N/AC:L/Au:N/C:P/I:P" } } }, "FeatureName":"glibc", "FeatureVersion":"2.24-11+deb9u3" }, { "Name":"CVE-2017-15804", "NamespaceName":"debian:9", "Description":"The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.", "Link":"https://security-tracker.debian.org/tracker/CVE-2017-15804", "Severity":"High", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":7.5, "Vectors":"AV:N/AC:L/Au:N/C:P/I:P" } } }, "FixedBy":"2.24-11+deb9u4", "FeatureName":"glibc", "FeatureVersion":"2.24-11+deb9u3" }, { "Name":"CVE-2018-6551", "NamespaceName":"debian:9", "Description":"The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-6551", "Severity":"High", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":7.5, "Vectors":"AV:N/AC:L/Au:N/C:P/I:P" } } }, "FeatureName":"glibc", "FeatureVersion":"2.24-11+deb9u3" }, { "Name":"CVE-2017-16997", "NamespaceName":"debian:9", "Description":"elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the \"./\" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.", "Link":"https://security-tracker.debian.org/tracker/CVE-2017-16997", "Severity":"High", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":9.3, "Vectors":"AV:N/AC:M/Au:N/C:C/I:C" } } }, "FixedBy":"2.24-11+deb9u4", "FeatureName":"glibc", "FeatureVersion":"2.24-11+deb9u3" }, { "Name":"CVE-2017-12424", "NamespaceName":"debian:9", "Description":"In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.", "Link":"https://security-tracker.debian.org/tracker/CVE-2017-12424", "Severity":"High", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":7.5, "Vectors":"AV:N/AC:L/Au:N/C:P/I:P" } } }, "FeatureName":"shadow", "FeatureVersion":"1:4.4-4.1" } ], "Low":[ { "Name":"CVE-2017-11462", "NamespaceName":"debian:9", "Description":"Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.", "Link":"https://security-tracker.debian.org/tracker/CVE-2017-11462", "Severity":"Low", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":7.5, "Vectors":"AV:N/AC:L/Au:N/C:P/I:P" } } }, "FeatureName":"krb5", "FeatureVersion":"1.15-1+deb9u1" }, { "Name":"CVE-2018-20217", "NamespaceName":"debian:9", "Description":"A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-20217", "Severity":"Low", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":3.5, "Vectors":"AV:N/AC:M/Au:S/C:N/I:N" } } }, "FeatureName":"krb5", "FeatureVersion":"1.15-1+deb9u1" }, { "Name":"CVE-2018-16888", "NamespaceName":"debian:9", "Description":"It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-16888", "Severity":"Low", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":1.9, "Vectors":"AV:L/AC:M/Au:N/C:N/I:N" } } }, "FeatureName":"systemd", "FeatureVersion":"232-25+deb9u8" }, { "Name":"CVE-2018-16868", "NamespaceName":"debian:9", "Description":"A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-16868", "Severity":"Low", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":3.3, "Vectors":"AV:L/AC:M/Au:N/C:P/I:P" } } }, "FeatureName":"gnutls28", "FeatureVersion":"3.5.8-5+deb9u4" }, { "Name":"CVE-2018-16869", "NamespaceName":"debian:9", "Description":"A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-16869", "Severity":"Low", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":3.3, "Vectors":"AV:L/AC:M/Au:N/C:P/I:P" } } }, "FeatureName":"nettle", "FeatureVersion":"3.3-1" }, { "Name":"CVE-2018-20482", "NamespaceName":"debian:9", "Description":"GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-20482", "Severity":"Low", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":1.9, "Vectors":"AV:L/AC:M/Au:N/C:N/I:N" } } }, "FeatureName":"tar", "FeatureVersion":"1.29b-1.1" }, { "Name":"CVE-2018-10754", "NamespaceName":"debian:9", "Description":"In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-10754", "Severity":"Low", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":5, "Vectors":"AV:N/AC:L/Au:N/C:N/I:N" } } }, "FeatureName":"ncurses", "FeatureVersion":"6.0+20161126-1+deb9u2" }, { "Name":"CVE-2016-2781", "NamespaceName":"debian:9", "Description":"chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", "Link":"https://security-tracker.debian.org/tracker/CVE-2016-2781", "Severity":"Low", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":2.1, "Vectors":"AV:L/AC:L/Au:N/C:N/I:P" } } }, "FeatureName":"coreutils", "FeatureVersion":"8.26-3" }, { "Name":"CVE-2018-9234", "NamespaceName":"debian:9", "Description":"GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-9234", "Severity":"Low", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":5, "Vectors":"AV:N/AC:L/Au:N/C:P/I:N" } } }, "FeatureName":"gnupg2", "FeatureVersion":"2.1.18-8~deb9u3" }, { "Name":"CVE-2017-5969", "NamespaceName":"debian:9", "Description":"** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"", "Link":"https://security-tracker.debian.org/tracker/CVE-2017-5969", "Severity":"Low", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":2.6, "Vectors":"AV:N/AC:H/Au:N/C:N/I:N" } } }, "FeatureName":"libxml2", "FeatureVersion":"2.9.4+dfsg1-2.2+deb9u2" }, { "Name":"CVE-2016-10228", "NamespaceName":"debian:9", "Description":"The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", "Link":"https://security-tracker.debian.org/tracker/CVE-2016-10228", "Severity":"Low", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":4.3, "Vectors":"AV:N/AC:M/Au:N/C:N/I:N" } } }, "FeatureName":"glibc", "FeatureVersion":"2.24-11+deb9u3" } ], "Medium":[ { "Name":"CVE-2018-5710", "NamespaceName":"debian:9", "Description":"An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function \"strlen\" is getting a \"NULL\" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-5710", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":4, "Vectors":"AV:N/AC:L/Au:S/C:N/I:N" } } }, "FeatureName":"krb5", "FeatureVersion":"1.15-1+deb9u1" }, { "Name":"CVE-2018-5730", "NamespaceName":"debian:9", "Description":"MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a \"linkdn\" and \"containerdn\" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-5730", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":5.5, "Vectors":"AV:N/AC:L/Au:S/C:P/I:P" } } }, "FeatureName":"krb5", "FeatureVersion":"1.15-1+deb9u1" }, { "Name":"CVE-2018-5729", "NamespaceName":"debian:9", "Description":"MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-5729", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":6.5, "Vectors":"AV:N/AC:L/Au:S/C:P/I:P" } } }, "FeatureName":"krb5", "FeatureVersion":"1.15-1+deb9u1" }, { "Name":"CVE-2018-1049", "NamespaceName":"debian:9", "Description":"In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-1049", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":4.3, "Vectors":"AV:N/AC:M/Au:N/C:N/I:N" } } }, "FeatureName":"systemd", "FeatureVersion":"232-25+deb9u8" }, { "Name":"CVE-2011-3389", "NamespaceName":"debian:9", "Description":"The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", "Link":"https://security-tracker.debian.org/tracker/CVE-2011-3389", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":4.3, "Vectors":"AV:N/AC:M/Au:N/C:P/I:N" } } }, "FeatureName":"gnutls28", "FeatureVersion":"3.5.8-5+deb9u4" }, { "Name":"CVE-2019-8905", "NamespaceName":"debian:9", "Description":"do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "Link":"https://security-tracker.debian.org/tracker/CVE-2019-8905", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":6.8, "Vectors":"AV:N/AC:M/Au:N/C:P/I:P" } } }, "FeatureName":"file", "FeatureVersion":"1:5.30-1+deb9u2" }, { "Name":"CVE-2019-8907", "NamespaceName":"debian:9", "Description":"do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.", "Link":"https://security-tracker.debian.org/tracker/CVE-2019-8907", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":6.8, "Vectors":"AV:N/AC:M/Au:N/C:P/I:P" } } }, "FeatureName":"file", "FeatureVersion":"1:5.30-1+deb9u2" }, { "Name":"CVE-2018-20346", "NamespaceName":"debian:9", "Description":"SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-20346", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":6.8, "Vectors":"AV:N/AC:M/Au:N/C:P/I:P" } } }, "FeatureName":"sqlite3", "FeatureVersion":"3.16.2-5+deb9u1" }, { "Name":"CVE-2018-8740", "NamespaceName":"debian:9", "Description":"In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-8740", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":5, "Vectors":"AV:N/AC:L/Au:N/C:N/I:N" } } }, "FeatureName":"sqlite3", "FeatureVersion":"3.16.2-5+deb9u1" }, { "Name":"CVE-2018-20406", "NamespaceName":"debian:9", "Description":"Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a \"resize to twice the size\" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-20406", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":5, "Vectors":"AV:N/AC:L/Au:N/C:N/I:N" } } }, "FeatureName":"python3.5", "FeatureVersion":"3.5.3-1+deb9u1" }, { "Name":"CVE-2018-1000858", "NamespaceName":"debian:9", "Description":"GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-1000858", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":6.8, "Vectors":"AV:N/AC:M/Au:N/C:P/I:P" } } }, "FeatureName":"gnupg2", "FeatureVersion":"2.1.18-8~deb9u3" }, { "Name":"CVE-2018-14567", "NamespaceName":"debian:9", "Description":"libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-14567", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":4.3, "Vectors":"AV:N/AC:M/Au:N/C:N/I:N" } } }, "FeatureName":"libxml2", "FeatureVersion":"2.9.4+dfsg1-2.2+deb9u2" }, { "Name":"CVE-2016-9318", "NamespaceName":"debian:9", "Description":"libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", "Link":"https://security-tracker.debian.org/tracker/CVE-2016-9318", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":6.8, "Vectors":"AV:N/AC:M/Au:N/C:P/I:P" } } }, "FeatureName":"libxml2", "FeatureVersion":"2.9.4+dfsg1-2.2+deb9u2" }, { "Name":"CVE-2017-18258", "NamespaceName":"debian:9", "Description":"The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", "Link":"https://security-tracker.debian.org/tracker/CVE-2017-18258", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":4.3, "Vectors":"AV:N/AC:M/Au:N/C:N/I:N" } } }, "FeatureName":"libxml2", "FeatureVersion":"2.9.4+dfsg1-2.2+deb9u2" }, { "Name":"CVE-2017-8872", "NamespaceName":"debian:9", "Description":"The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.", "Link":"https://security-tracker.debian.org/tracker/CVE-2017-8872", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":6.4, "Vectors":"AV:N/AC:L/Au:N/C:P/I:N" } } }, "FeatureName":"libxml2", "FeatureVersion":"2.9.4+dfsg1-2.2+deb9u2" }, { "Name":"CVE-2018-14404", "NamespaceName":"debian:9", "Description":"A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-14404", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":5, "Vectors":"AV:N/AC:L/Au:N/C:N/I:N" } } }, "FeatureName":"libxml2", "FeatureVersion":"2.9.4+dfsg1-2.2+deb9u2" }, { "Name":"CVE-2017-5130", "NamespaceName":"debian:9", "Description":"An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.", "Link":"https://security-tracker.debian.org/tracker/CVE-2017-5130", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":6.8, "Vectors":"AV:N/AC:M/Au:N/C:P/I:P" } } }, "FeatureName":"libxml2", "FeatureVersion":"2.9.4+dfsg1-2.2+deb9u2" }, { "Name":"CVE-2017-16932", "NamespaceName":"debian:9", "Description":"parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.", "Link":"https://security-tracker.debian.org/tracker/CVE-2017-16932", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":5, "Vectors":"AV:N/AC:L/Au:N/C:N/I:N" } } }, "FeatureName":"libxml2", "FeatureVersion":"2.9.4+dfsg1-2.2+deb9u2" }, { "Name":"CVE-2017-12132", "NamespaceName":"debian:9", "Description":"The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", "Link":"https://security-tracker.debian.org/tracker/CVE-2017-12132", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":4.3, "Vectors":"AV:N/AC:M/Au:N/C:N/I:P" } } }, "FeatureName":"glibc", "FeatureVersion":"2.24-11+deb9u3" }, { "Name":"CVE-2017-15671", "NamespaceName":"debian:9", "Description":"The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).", "Link":"https://security-tracker.debian.org/tracker/CVE-2017-15671", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":4.3, "Vectors":"AV:N/AC:M/Au:N/C:N/I:N" } } }, "FixedBy":"2.24-11+deb9u4", "FeatureName":"glibc", "FeatureVersion":"2.24-11+deb9u3" }, { "Name":"CVE-2016-10739", "NamespaceName":"debian:9", "Description":"In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", "Link":"https://security-tracker.debian.org/tracker/CVE-2016-10739", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":4.6, "Vectors":"AV:L/AC:L/Au:N/C:P/I:P" } } }, "FeatureName":"glibc", "FeatureVersion":"2.24-11+deb9u3" }, { "Name":"CVE-2018-11236", "NamespaceName":"debian:9", "Description":"stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-11236", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":6.8, "Vectors":"AV:N/AC:M/Au:N/C:P/I:P" } } }, "FixedBy":"2.24-11+deb9u4", "FeatureName":"glibc", "FeatureVersion":"2.24-11+deb9u3" }, { "Name":"CVE-2018-11237", "NamespaceName":"debian:9", "Description":"An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-11237", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":4.6, "Vectors":"AV:L/AC:L/Au:N/C:P/I:P" } } }, "FixedBy":"2.24-11+deb9u4", "FeatureName":"glibc", "FeatureVersion":"2.24-11+deb9u3" }, { "Name":"CVE-2009-5155", "NamespaceName":"debian:9", "Description":"In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", "Link":"https://security-tracker.debian.org/tracker/CVE-2009-5155", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":5, "Vectors":"AV:N/AC:L/Au:N/C:N/I:N" } } }, "FeatureName":"glibc", "FeatureVersion":"2.24-11+deb9u3" }, { "Name":"CVE-2017-1000409", "NamespaceName":"debian:9", "Description":"A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.", "Link":"https://security-tracker.debian.org/tracker/CVE-2017-1000409", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":6.9, "Vectors":"AV:L/AC:M/Au:N/C:C/I:C" } } }, "FixedBy":"2.24-11+deb9u4", "FeatureName":"glibc", "FeatureVersion":"2.24-11+deb9u3" }, { "Name":"CVE-2018-7169", "NamespaceName":"debian:9", "Description":"An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", "Link":"https://security-tracker.debian.org/tracker/CVE-2018-7169", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":5, "Vectors":"AV:N/AC:L/Au:N/C:P/I:N" } } }, "FeatureName":"shadow", "FeatureVersion":"1:4.4-4.1" }, { "Name":"CVE-2017-9525", "NamespaceName":"debian:9", "Description":"In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.", "Link":"https://security-tracker.debian.org/tracker/CVE-2017-9525", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":6.9, "Vectors":"AV:L/AC:M/Au:N/C:C/I:C" } } }, "FeatureName":"cron", "FeatureVersion":"3.0pl1-128+deb9u1" }, { "Name":"CVE-2019-2529", "NamespaceName":"debian:9", "Description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "Link":"https://security-tracker.debian.org/tracker/CVE-2019-2529", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":4, "Vectors":"AV:N/AC:L/Au:S/C:N/I:N" } } }, "FeatureName":"mariadb-10.1", "FeatureVersion":"10.1.37-0+deb9u1" }, { "Name":"CVE-2019-2537", "NamespaceName":"debian:9", "Description":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "Link":"https://security-tracker.debian.org/tracker/CVE-2019-2537", "Severity":"Medium", "Metadata":{ "NVD":{ "CVSSv2":{ "Score":4, "Vectors":"AV:N/AC:L/Au:S/C:N/I:N" } } }, "FeatureName":"mariadb-10.1", "FeatureVersion":"10.1.37-0+deb9u1" } ] } }