{ "version": "3.0", "vulnerabilities": [ { "id": "93eb320b32ea6a7a65e4f50fd7e052906a11c7e9b0beb7c2d1e68570dc5a6f1f", "category": "container_scanning", "message": "CVE-2011-3374 in apt", "description": "It was found that apt-key in apt, all versions, does not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", "cve": "debian:9:apt:CVE-2011-3374", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "apt" }, "version": "1.4.10" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2011-3374", "value": "CVE-2011-3374", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3374" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2011-3374" } ] }, { "id": "a99ae9b1b507363f3a64ddf57e9bb4ca8a287b4e047fa8cb5a6fcc0182013d32", "category": "container_scanning", "message": "CVE-2019-18276 in bash", "description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. 
However, binaries running with an effective UID of 0 are unaffected.", "cve": "debian:9:bash:CVE-2019-18276", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "bash" }, "version": "4.4-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-18276", "value": "CVE-2019-18276", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-18276" } ] }, { "id": "bf27c7293422f8ba4e1c5a73d5e2ff74c7a1e0255fd51c7df282385c8d25e09a", "category": "container_scanning", "message": "CVE-2017-13716 in binutils", "description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).", "cve": "debian:9:binutils:CVE-2017-13716", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-13716", "value": "CVE-2017-13716", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13716" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-13716" } ] }, { "id": "648f4a3171231d45fa4d70d0c31bd7b2f857054bb200973305976980da0d044f", "category": "container_scanning", "message": "CVE-2017-14128 in binutils", "description": "The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a 
denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.", "cve": "debian:9:binutils:CVE-2017-14128", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-14128", "value": "CVE-2017-14128", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14128" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-14128" } ] }, { "id": "853bfaa5eda25dc09a4836cf8acaee751620b770071936aa4803bad12bd3a842", "category": "container_scanning", "message": "CVE-2017-14129 in binutils", "description": "The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.", "cve": "debian:9:binutils:CVE-2017-14129", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-14129", "value": "CVE-2017-14129", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14129" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-14129" } ] }, { "id": "e0debd4e31e9ee58228d8e7eb1489011e97522e17b0038d45881bc4920920b16", "category": "container_scanning", "message": "CVE-2017-14130 in binutils", "description": "The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote 
attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.", "cve": "debian:9:binutils:CVE-2017-14130", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-14130", "value": "CVE-2017-14130", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14130" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-14130" } ] }, { "id": "aa0181964514b47120ba66db8de900672dbdc23d8c55ccc47b01bf605d5d7603", "category": "container_scanning", "message": "CVE-2017-14930 in binutils", "description": "Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.", "cve": "debian:9:binutils:CVE-2017-14930", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-14930", "value": "CVE-2017-14930", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14930" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-14930" } ] }, { "id": "38378a799f0df828a597b16105551d05fe12777837e4f2b2acdcf9746d11241c", "category": "container_scanning", "message": "CVE-2017-14932 in binutils", "description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of 
service (infinite loop) via a crafted ELF file.", "cve": "debian:9:binutils:CVE-2017-14932", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-14932", "value": "CVE-2017-14932", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14932" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-14932" } ] }, { "id": "90a0aba23ab969dd3b23047e5516c067635d0e0cc508a3c96a87c60c9da923e7", "category": "container_scanning", "message": "CVE-2017-14933 in binutils", "description": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.", "cve": "debian:9:binutils:CVE-2017-14933", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-14933", "value": "CVE-2017-14933", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14933" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-14933" } ] }, { "id": "4cf746953b1f386c0838e2b18bd698561864c1784454796957b704777acc39cc", "category": "container_scanning", "message": "CVE-2017-14934 in binutils", "description": "process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.", 
"cve": "debian:9:binutils:CVE-2017-14934", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-14934", "value": "CVE-2017-14934", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14934" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-14934" } ] }, { "id": "529b9ab56b93c19a568581d54cafaab42018dec8a43b00d7ad092b0c1f402937", "category": "container_scanning", "message": "CVE-2017-14938 in binutils", "description": "_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.", "cve": "debian:9:binutils:CVE-2017-14938", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-14938", "value": "CVE-2017-14938", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14938" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-14938" } ] }, { "id": "1448bfef2795f48f5a9d2dbdab37541b3bef80194a42f209e62276b0a4b5587d", "category": "container_scanning", "message": "CVE-2017-14939 in binutils", "description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF 
file, related to read_1_byte.", "cve": "debian:9:binutils:CVE-2017-14939", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-14939", "value": "CVE-2017-14939", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14939" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-14939" } ] }, { "id": "9bac229986bdad38fd077f61bb08bb49b6bdb79a942c102bd54763f990686839", "category": "container_scanning", "message": "CVE-2017-14940 in binutils", "description": "scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.", "cve": "debian:9:binutils:CVE-2017-14940", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-14940", "value": "CVE-2017-14940", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14940" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-14940" } ] }, { "id": "dae2cb07bf926efb94d92014833c3528372e1d9057fd54778446c94bf23d9a01", "category": "container_scanning", "message": "CVE-2017-15020 in binutils", "description": "dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted 
ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.", "cve": "debian:9:binutils:CVE-2017-15020", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-15020", "value": "CVE-2017-15020", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15020" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-15020" } ] }, { "id": "850aafb54aa9472de044a6057ff6ce7a057de2e8adf0bee94a7863d6aa61beff", "category": "container_scanning", "message": "CVE-2017-15021 in binutils", "description": "bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32.", "cve": "debian:9:binutils:CVE-2017-15021", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-15021", "value": "CVE-2017-15021", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15021" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-15021" } ] }, { "id": "c7c5a17bda755bdf0014ebcb4f1b834838112570eaff54377329e22053e16236", "category": "container_scanning", "message": "CVE-2017-15022 in binutils", "description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, 
which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.", "cve": "debian:9:binutils:CVE-2017-15022", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-15022", "value": "CVE-2017-15022", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15022" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-15022" } ] }, { "id": "f450970db116a3de8dccf024e42217a6954214de27d07b87ea56f608e918fad5", "category": "container_scanning", "message": "CVE-2017-15023 in binutils", "description": "read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.", "cve": "debian:9:binutils:CVE-2017-15023", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-15023", "value": "CVE-2017-15023", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-15023" } ] }, { "id": "e336ef0572302bedaf7b2b90373511642b7fa1b90d8da9f5030aa4c5d175c7de", "category": "container_scanning", "message": "CVE-2017-15024 in binutils", 
"description": "find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.", "cve": "debian:9:binutils:CVE-2017-15024", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-15024", "value": "CVE-2017-15024", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15024" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-15024" } ] }, { "id": "a790bec0590fcdb6c12c579c6b41eabc19f201d3aa5fd1bf8fc0913ce4a1f24d", "category": "container_scanning", "message": "CVE-2017-15025 in binutils", "description": "decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.", "cve": "debian:9:binutils:CVE-2017-15025", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-15025", "value": "CVE-2017-15025", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15025" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-15025" } ] }, { "id": "1eef606cd1a55cf7d6445d224ec7ccab6af07f1977d53aefedc8b777f22c078e", "category": "container_scanning", "message": "CVE-2017-15225 in binutils", "description": "_bfd_dwarf2_cleanup_debug_info 
in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.", "cve": "debian:9:binutils:CVE-2017-15225", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-15225", "value": "CVE-2017-15225", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15225" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-15225" } ] }, { "id": "6323fdbb29c9886db958a2035bd1d60220a9c4eff3c1a5fa1314d60ffc4f40a8", "category": "container_scanning", "message": "CVE-2017-15938 in binutils", "description": "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).", "cve": "debian:9:binutils:CVE-2017-15938", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-15938", "value": "CVE-2017-15938", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15938" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-15938" } ] }, { "id": "fc52e5570ef3e8a2afd1d8badd24ed20aaf23aca94d6a60b03df2c0001860921", "category": "container_scanning", "message": "CVE-2017-15996 in binutils", "description": "elfcomm.c 
in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a \"buffer overflow on fuzzed archive header,\" related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.", "cve": "debian:9:binutils:CVE-2017-15996", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-15996", "value": "CVE-2017-15996", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15996" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-15996" } ] }, { "id": "7ba1eca182b5e1ebe4621669761530d7b0890738f342ce5653bed447a9fae255", "category": "container_scanning", "message": "CVE-2017-16826 in binutils", "description": "The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.", "cve": "debian:9:binutils:CVE-2017-16826", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-16826", "value": "CVE-2017-16826", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16826" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-16826" } ] 
}, { "id": "1fc2d3c3e7a73bacd236031ba93c3699aa88b928c911b68f8a4f6d5d3d090a1f", "category": "container_scanning", "message": "CVE-2017-16827 in binutils", "description": "The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.", "cve": "debian:9:binutils:CVE-2017-16827", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-16827", "value": "CVE-2017-16827", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16827" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-16827" } ] }, { "id": "50f640dfd2874156883f76a2de581c5b5b095f50f3e869c7ea18f1c857ff0327", "category": "container_scanning", "message": "CVE-2017-16828 in binutils", "description": "The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.", "cve": "debian:9:binutils:CVE-2017-16828", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-16828", "value": "CVE-2017-16828", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16828" } ], "links": [ { "url": 
"https://security-tracker.debian.org/tracker/CVE-2017-16828" } ] }, { "id": "a3b307861c28a5c5155347a0604460aa751f0a4cbe5320eaf3707550d1ae15b8", "category": "container_scanning", "message": "CVE-2017-16829 in binutils", "description": "The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file.", "cve": "debian:9:binutils:CVE-2017-16829", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-16829", "value": "CVE-2017-16829", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16829" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-16829" } ] }, { "id": "8ffa20b2a8b623c3ab9652d9bff595c6cb60893aec507ac1aa79c6a75a1d511f", "category": "container_scanning", "message": "CVE-2017-16830 in binutils", "description": "The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.", "cve": "debian:9:binutils:CVE-2017-16830", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": 
"CVE-2017-16830", "value": "CVE-2017-16830", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16830" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-16830" } ] }, { "id": "60b8017fa0b4362fc417762e390bb283acbefd673e91d2409e3430cddc9726a1", "category": "container_scanning", "message": "CVE-2017-16831 in binutils", "description": "coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.", "cve": "debian:9:binutils:CVE-2017-16831", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-16831", "value": "CVE-2017-16831", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16831" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-16831" } ] }, { "id": "7b53c00ce7ec80cee9d6fa229b479e2b9854308631649633dca42456590bcd8a", "category": "container_scanning", "message": "CVE-2017-16832 in binutils", "description": "The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.", "cve": "debian:9:binutils:CVE-2017-16832", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { 
"name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-16832", "value": "CVE-2017-16832", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16832" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-16832" } ] }, { "id": "8d2eeb5d7737614a7d662d8497c6372882324a735aca6dc7c99138e879dc6beb", "category": "container_scanning", "message": "CVE-2017-17080 in binutils", "description": "elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.", "cve": "debian:9:binutils:CVE-2017-17080", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-17080", "value": "CVE-2017-17080", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17080" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-17080" } ] }, { "id": "ebd1614eea8310b58673af1ea2a375f4d261167c6b2f42386c3967161c29d667", "category": "container_scanning", "message": "CVE-2017-17121 in binutils", "description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.", "cve": 
"debian:9:binutils:CVE-2017-17121", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-17121", "value": "CVE-2017-17121", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17121" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-17121" } ] }, { "id": "7789aafe511ec9bbdd90991d2a07b6994156cdeab7bd1a7012fbeeb9d43ccc08", "category": "container_scanning", "message": "CVE-2017-17122 in binutils", "description": "The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.", "cve": "debian:9:binutils:CVE-2017-17122", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-17122", "value": "CVE-2017-17122", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17122" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-17122" } ] }, { "id": "2db23e11ae91bbcb76aae11399b5af3abc7538c5cf99d6bf54a916432b01e99c", "category": "container_scanning", "message": "CVE-2017-17123 in binutils", "description": "The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference 
and application crash) via a crafted COFF based file.", "cve": "debian:9:binutils:CVE-2017-17123", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-17123", "value": "CVE-2017-17123", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17123" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-17123" } ] }, { "id": "c9ded0ab42ebe6068790ba88f24b6c89bc3de3aa391af97accf2403c60cb27fa", "category": "container_scanning", "message": "CVE-2017-17124 in binutils", "description": "The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.", "cve": "debian:9:binutils:CVE-2017-17124", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-17124", "value": "CVE-2017-17124", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17124" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-17124" } ] }, { "id": "1da994a4cd376753daa5ff3e990189ddb14afeb96f3c80eaa697294225119d63", "category": "container_scanning", "message": "CVE-2017-17125 in binutils", "description": "nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain 
global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.", "cve": "debian:9:binutils:CVE-2017-17125", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-17125", "value": "CVE-2017-17125", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17125" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-17125" } ] }, { "id": "8c5d21bad11325bad539903a48dd9430bfb83d83ef262a83b85f22a2a7306df5", "category": "container_scanning", "message": "CVE-2017-17126 in binutils", "description": "The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.", "cve": "debian:9:binutils:CVE-2017-17126", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-17126", "value": "CVE-2017-17126", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17126" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-17126" } ] }, { "id": "261f8d3323db5f64c876e5d31ca9128ccb8a3fe09890ca9aa2725c63ae933080", "category": "container_scanning", "message": "CVE-2017-9038 in binutils", "description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service 
(heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.", "cve": "debian:9:binutils:CVE-2017-9038", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9038", "value": "CVE-2017-9038", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9038" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9038" } ] }, { "id": "977936380f9909313c162d1a1cac670ca99670cc21c16c61dbe2adf8ca782f09", "category": "container_scanning", "message": "CVE-2017-9039 in binutils", "description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.", "cve": "debian:9:binutils:CVE-2017-9039", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9039", "value": "CVE-2017-9039", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9039" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9039" } ] }, { "id": "3f7a3f12371e15cae0af1ceef449dd9eb29af72b0de440fb15df4ba8988896a4", "category": "container_scanning", "message": "CVE-2017-9040 in binutils", "description": "GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and 
application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.", "cve": "debian:9:binutils:CVE-2017-9040", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9040", "value": "CVE-2017-9040", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9040" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9040" } ] }, { "id": "db2bb47b09c535d982f58d8e480cfb3d66cb1866f320008faada32481654a90d", "category": "container_scanning", "message": "CVE-2017-9041 in binutils", "description": "GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.", "cve": "debian:9:binutils:CVE-2017-9041", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9041", "value": "CVE-2017-9041", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9041" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9041" } ] }, { "id": "a42373af98d82ee156d26e543fd5a247e0f8ec6e54d9acae8bfcc398d516209d", "category": "container_scanning", "message": "CVE-2017-9042 in binutils", "description": "readelf.c in GNU Binutils 2017-04-12 has a \"cannot be represented in type long\" issue, which might allow remote attackers to cause a denial of service (application crash) or 
possibly have unspecified other impact via a crafted ELF file.", "cve": "debian:9:binutils:CVE-2017-9042", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9042", "value": "CVE-2017-9042", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9042" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9042" } ] }, { "id": "73920b11235a2b574eba386dbbb6630c56c84bedbc1b179c4b8459148b15a3e0", "category": "container_scanning", "message": "CVE-2017-9043 in binutils", "description": "readelf.c in GNU Binutils 2017-04-12 has a \"shift exponent too large for type unsigned long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.", "cve": "debian:9:binutils:CVE-2017-9043", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9043", "value": "CVE-2017-9043", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9043" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9043" } ] }, { "id": "9d2b8236949ed6b4dcee773c0c3cae5b590f1d8caa06042e9b8946e7d9c08304", "category": "container_scanning", "message": "CVE-2017-9044 in binutils", "description": "The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.", "cve": "debian:9:binutils:CVE-2017-9044", "severity": 
"Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9044", "value": "CVE-2017-9044", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9044" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9044" } ] }, { "id": "109a49513fb78462db3d6c362f3e0af3640856374cf0ad009edf53d4ae97d2b9", "category": "container_scanning", "message": "CVE-2017-9742 in binutils", "description": "The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", "cve": "debian:9:binutils:CVE-2017-9742", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9742", "value": "CVE-2017-9742", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9742" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9742" } ] }, { "id": "c9d8d624c0b303d23b9c718508495584d243f989b8194bbc59f0b33c8b888fc0", "category": "container_scanning", "message": "CVE-2017-9743 in binutils", "description": "The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump 
-D\" execution.", "cve": "debian:9:binutils:CVE-2017-9743", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9743", "value": "CVE-2017-9743", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9743" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9743" } ] }, { "id": "f111e061bfb6ba6d26bcd4ffcbb8ab3cbb9db9b01794e77f52959074e0897e63", "category": "container_scanning", "message": "CVE-2017-9744 in binutils", "description": "The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", "cve": "debian:9:binutils:CVE-2017-9744", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9744", "value": "CVE-2017-9744", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9744" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9744" } ] }, { "id": "e078b3d0b899af886e8982d3c32b5dd7025f1eacd41a997eb1c361b422bd47a3", "category": "container_scanning", "message": "CVE-2017-9745 in binutils", "description": "The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, 
allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", "cve": "debian:9:binutils:CVE-2017-9745", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9745", "value": "CVE-2017-9745", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9745" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9745" } ] }, { "id": "10d778b4d823e80392d7c402a8fbfd1996813ba36f4e75ae06dbfb284fed9bd6", "category": "container_scanning", "message": "CVE-2017-9746 in binutils", "description": "The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of raw insns printing for this file during \"objdump -D\" execution.", "cve": "debian:9:binutils:CVE-2017-9746", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9746", "value": "CVE-2017-9746", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9746" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9746" } ] }, { "id": "f47c30b0c1b1000630e600e45e4a0374c025ea2ad32230c0d836e9db0654a6eb", "category": "container_scanning", "message": "CVE-2017-9747 in binutils", 
"description": "The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.", "cve": "debian:9:binutils:CVE-2017-9747", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9747", "value": "CVE-2017-9747", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9747" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9747" } ] }, { "id": "2f8b3170d205785e30eac02f302238843b11f7a98ae7945e8c93cdd0190fd2c1", "category": "container_scanning", "message": "CVE-2017-9748 in binutils", "description": "The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. 
NOTE: this may be related to a compiler bug.", "cve": "debian:9:binutils:CVE-2017-9748", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9748", "value": "CVE-2017-9748", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9748" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9748" } ] }, { "id": "cfdf7f2afc3dd9683567d1350005147a30e12221d0ea38ea1ec9d708b10317f6", "category": "container_scanning", "message": "CVE-2017-9749 in binutils", "description": "The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", "cve": "debian:9:binutils:CVE-2017-9749", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9749", "value": "CVE-2017-9749", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9749" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9749" } ] }, { "id": "03bf556859a2f86369c43586031e369cae822741e07a5a240b4fa2a915faa368", "category": "container_scanning", "message": "CVE-2017-9750 in binutils", "description": "opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have 
unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", "cve": "debian:9:binutils:CVE-2017-9750", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9750", "value": "CVE-2017-9750", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9750" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9750" } ] }, { "id": "f93d13aff187c6aab88c685184b27d6c09548c0b84c0778b2bc559da648e7a73", "category": "container_scanning", "message": "CVE-2017-9751 in binutils", "description": "opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", "cve": "debian:9:binutils:CVE-2017-9751", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9751", "value": "CVE-2017-9751", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9751" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9751" } ] }, { "id": "7d4728d59bffd304dead9d67e8b4231ac10a1ea74a316e709c20ec952b815860", "category": "container_scanning", "message": "CVE-2017-9752 in binutils", "description": "bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 
2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during \"objdump -D\" execution.", "cve": "debian:9:binutils:CVE-2017-9752", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9752", "value": "CVE-2017-9752", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9752" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9752" } ] }, { "id": "21b89376b2f332442e2723fb08609ef0082fd1e98dd2db56ed5c2d6f3368af9e", "category": "container_scanning", "message": "CVE-2017-9753 in binutils", "description": "The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", "cve": "debian:9:binutils:CVE-2017-9753", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9753", "value": "CVE-2017-9753", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9753" } ], "links": [ { "url": 
"https://security-tracker.debian.org/tracker/CVE-2017-9753" } ] }, { "id": "5aa5bc6138736fbc2548303d275d8b20f2aaf78f68cb5668f5e8e4f3547f5be3", "category": "container_scanning", "message": "CVE-2017-9754 in binutils", "description": "The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", "cve": "debian:9:binutils:CVE-2017-9754", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9754", "value": "CVE-2017-9754", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9754" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9754" } ] }, { "id": "e667862cddd96d36b313210fe1c0e68e7ab2b83c23e388e7250d292c3de9f56e", "category": "container_scanning", "message": "CVE-2017-9755 in binutils", "description": "opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", "cve": "debian:9:binutils:CVE-2017-9755", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": 
"registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9755", "value": "CVE-2017-9755", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9755" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9755" } ] }, { "id": "9d88ae0bac9f86d386242ba2eeac519f79213bcc70cb1485c29129eb9623eb7d", "category": "container_scanning", "message": "CVE-2017-9756 in binutils", "description": "The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.", "cve": "debian:9:binutils:CVE-2017-9756", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9756", "value": "CVE-2017-9756", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9756" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9756" } ] }, { "id": "60383bba01dde22838d2662e0eb049362b058fd2720d23a851da1a491ef4c1b5", "category": "container_scanning", "message": "CVE-2018-1000876 in binutils", "description": "binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. 
This vulnerability appears to have been fixed after commit 3a551c7a1b80fca579461774860574eabfd7f18f.", "cve": "debian:9:binutils:CVE-2018-1000876", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-1000876", "value": "CVE-2018-1000876", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000876" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-1000876" } ] }, { "id": "d03b4d7c3b4e8558812094bcc49db497fc1906f148c16a915eb5abd1089f0faa", "category": "container_scanning", "message": "CVE-2018-12697 in binutils", "description": "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. 
This can occur during execution of objdump.", "cve": "debian:9:binutils:CVE-2018-12697", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-12697", "value": "CVE-2018-12697", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12697" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-12697" } ] }, { "id": "8b4c21186dafed6763ca510373655c3597b8bd2722f3d3b8e44d892853fcc7c6", "category": "container_scanning", "message": "CVE-2018-12698 in binutils", "description": "demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the \"Create an array for saving the template argument values\" XNEWVEC call. This can occur during execution of objdump.", "cve": "debian:9:binutils:CVE-2018-12698", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-12698", "value": "CVE-2018-12698", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12698" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-12698" } ] }, { "id": "ae2b0914e30a102255e43dfd1011b954e741cfcd7591f9f593d9726b810833cb", "category": "container_scanning", "message": "CVE-2018-12699 in binutils", "description": "finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. 
This can occur during execution of objdump.", "cve": "debian:9:binutils:CVE-2018-12699", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-12699", "value": "CVE-2018-12699", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12699" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-12699" } ] }, { "id": "c44be97573c85879eaf13803742946fecd95ee9f676ac9563e7c6605b888093e", "category": "container_scanning", "message": "CVE-2018-12700 in binutils", "description": "A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.", "cve": "debian:9:binutils:CVE-2018-12700", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-12700", "value": "CVE-2018-12700", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12700" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-12700" } ] }, { "id": "bfda0ce89cc32257ba75b4dce107c01251924dee109233065f80958f4d11d162", "category": "container_scanning", "message": "CVE-2018-12934 in binutils", "description": "remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). 
This can occur during execution of cxxfilt.", "cve": "debian:9:binutils:CVE-2018-12934", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-12934", "value": "CVE-2018-12934", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12934" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-12934" } ] }, { "id": "44050f520cbd5fbee45ca82e6ed2d3ad244c181d1d7843dcf02e5ca9f33827cf", "category": "container_scanning", "message": "CVE-2018-13033 in binutils", "description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.", "cve": "debian:9:binutils:CVE-2018-13033", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-13033", "value": "CVE-2018-13033", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13033" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-13033" } ] }, { "id": "38e0aad17d7278571cff23626e37cabafe29fdd25867511cb023d0332a643823", "category": "container_scanning", "message": "CVE-2018-17358 in binutils", "description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. 
An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.", "cve": "debian:9:binutils:CVE-2018-17358", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-17358", "value": "CVE-2018-17358", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17358" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-17358" } ] }, { "id": "a020e6fc05d52579f91c9cde9718552be86556888b95b70c280869ef7ba07f9b", "category": "container_scanning", "message": "CVE-2018-17359 in binutils", "description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. 
Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.", "cve": "debian:9:binutils:CVE-2018-17359", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-17359", "value": "CVE-2018-17359", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17359" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-17359" } ] }, { "id": "f57e1efa0b2b52eebe3c03660ee6df7fa1aa8159197b5eb1fe8a8cea19153d53", "category": "container_scanning", "message": "CVE-2018-17360 in binutils", "description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. A heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump.", "cve": "debian:9:binutils:CVE-2018-17360", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-17360", "value": "CVE-2018-17360", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17360" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-17360" } ] }, { "id": "d681543a10dfe8d32cb99ff907ad69e5be904b55a450d3c48b63e7ac76c819bd", "category": "container_scanning", "message": "CVE-2018-17794 in binutils", "description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. 
There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.", "cve": "debian:9:binutils:CVE-2018-17794", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-17794", "value": "CVE-2018-17794", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17794" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-17794" } ] }, { "id": "ef97762adb89f02e845c893309f33be7da717dc81993d71df866899e8cdd5e3c", "category": "container_scanning", "message": "CVE-2018-17985 in binutils", "description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls to itself in certain scenarios involving many 'P' characters.", "cve": "debian:9:binutils:CVE-2018-17985", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-17985", "value": "CVE-2018-17985", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17985" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-17985" } ] }, { "id": "94fdb968713bdbf345444f8e2b239ba52a46a8b37749822c7e917cd501887268", "category": "container_scanning", "message": "CVE-2018-18309 in binutils", "description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. 
An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking.", "cve": "debian:9:binutils:CVE-2018-18309", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-18309", "value": "CVE-2018-18309", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18309" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-18309" } ] }, { "id": "e6825678e385cf2678edc816b8fe201e52a52f0218192ce051403d4fdb8e2b97", "category": "container_scanning", "message": "CVE-2018-18483 in binutils", "description": "The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.", "cve": "debian:9:binutils:CVE-2018-18483", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-18483", "value": "CVE-2018-18483", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18483" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-18483" } ] }, { "id": "e9d8c2ea4297b4186f76d62f0b268d269d50321540f43beac12155cb5d824381", "category": "container_scanning", "message": "CVE-2018-18484 in 
binutils", "description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there is a stack consumption problem caused by recursive stack frames: cplus_demangle_type, d_bare_function_type, d_function_type.", "cve": "debian:9:binutils:CVE-2018-18484", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-18484", "value": "CVE-2018-18484", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18484" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-18484" } ] }, { "id": "c48322120807b6b66aa793278cf4b98e35de73ca57d14fe1c3a176d35e8d34e4", "category": "container_scanning", "message": "CVE-2018-18605 in binutils", "description": "A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. 
A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", "cve": "debian:9:binutils:CVE-2018-18605", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-18605", "value": "CVE-2018-18605", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18605" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-18605" } ] }, { "id": "71a1307e1321951a2b19d4d755155d96033034efcabd09f96d2e44cb6c632882", "category": "container_scanning", "message": "CVE-2018-18606 in binutils", "description": "An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. 
A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", "cve": "debian:9:binutils:CVE-2018-18606", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-18606", "value": "CVE-2018-18606", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18606" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-18606" } ] }, { "id": "03cae6a983796bcdde5a4617811d3f5ace7f99209aa1b7802f9a696a4786717c", "category": "container_scanning", "message": "CVE-2018-18607 in binutils", "description": "An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section. 
A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld.", "cve": "debian:9:binutils:CVE-2018-18607", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-18607", "value": "CVE-2018-18607", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18607" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-18607" } ] }, { "id": "bef978a4b42a5d8d00e2ee13cb10d8cde8d6ca45134e8bce5cf5bbae5e630102", "category": "container_scanning", "message": "CVE-2018-18700 in binutils", "description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", "cve": "debian:9:binutils:CVE-2018-18700", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-18700", "value": "CVE-2018-18700", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18700" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-18700" } ] }, { "id": "dc3d1d1da131a75846728641c75c3b7ee36485115f42d304b44d252cbae18462", "category": "container_scanning", "message": "CVE-2018-18701 in binutils", "description": "An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. 
Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.", "cve": "debian:9:binutils:CVE-2018-18701", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-18701", "value": "CVE-2018-18701", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18701" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-18701" } ] }, { "id": "48c7c1232d345d264bef7b75648d516c91e0bd435f08304a2b2ec2aa176c601f", "category": "container_scanning", "message": "CVE-2018-19931 in binutils", "description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.", "cve": "debian:9:binutils:CVE-2018-19931", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-19931", "value": "CVE-2018-19931", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19931" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-19931" } ] }, { "id": "7759d1ed32e55e9962c3140d8942f4533c8ff4a2f772abdde0cf7d692ca1c4b7", "category": "container_scanning", "message": "CVE-2018-19932 in binutils", "description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. 
There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.", "cve": "debian:9:binutils:CVE-2018-19932", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-19932", "value": "CVE-2018-19932", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-19932" } ] }, { "id": "5b022aaa7282ed7b25bcf63b8d1efaf02be7d54a7c2f4a63f3bf7f8b61455a75", "category": "container_scanning", "message": "CVE-2018-20002 in binutils", "description": "The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm.", "cve": "debian:9:binutils:CVE-2018-20002", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-20002", "value": "CVE-2018-20002", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-20002" } ] }, { "id": "9ee24de2964778986bf72bbc4227b34795a6c847f8668e13c21f491f6c6b6685", "category": "container_scanning", "message": "CVE-2018-20623 in binutils", "description": "In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.", "cve": 
"debian:9:binutils:CVE-2018-20623", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-20623", "value": "CVE-2018-20623", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20623" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-20623" } ] }, { "id": "a8e222218d6c271cd980821fc9d8cd20bdbbbaa30437190279e659dfa9a8506a", "category": "container_scanning", "message": "CVE-2018-20651 in binutils", "description": "A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.", "cve": "debian:9:binutils:CVE-2018-20651", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-20651", "value": "CVE-2018-20651", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20651" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-20651" } ] }, { "id": "4e53e9e00c46d0119d3474dcec38b472ce099d982dc8b28af8bc02e4cd7ddf51", "category": "container_scanning", "message": "CVE-2018-20671 in binutils", "description": "load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.", "cve": 
"debian:9:binutils:CVE-2018-20671", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-20671", "value": "CVE-2018-20671", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20671" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-20671" } ] }, { "id": "ad3b51fcb873ca73e16e73e32b6abb2dbb73ff7a5a7511f0b5a5bb7d259f21e4", "category": "container_scanning", "message": "CVE-2018-20673 in binutils", "description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \"Create an array for saving the template argument values\") that can trigger a heap-based buffer overflow, as demonstrated by nm.", "cve": "debian:9:binutils:CVE-2018-20673", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-20673", "value": "CVE-2018-20673", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20673" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-20673" } ] }, { "id": "76c68f940faa369376ff7771e8888e004836a87434d1c804f7d1413e17ebc1c6", "category": "container_scanning", "message": "CVE-2018-20712 in binutils", "description": "A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.", "cve": "debian:9:binutils:CVE-2018-20712", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-20712", "value": "CVE-2018-20712", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20712" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-20712" } ] }, { "id": "6c9b0ca482979fb146dc574a2956328f7e0c520ca36b19f1311711e58c81945a", "category": "container_scanning", "message": "CVE-2018-8945 in binutils", "description": "The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.", "cve": "debian:9:binutils:CVE-2018-8945", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-8945", "value": "CVE-2018-8945", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8945" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-8945" } ] }, { "id": "8b16a27de80043090608aa79835912cd80c477263e21aea4695be203b53f1e33", "category": "container_scanning", "message": "CVE-2018-9138 in binutils", "description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. 
Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type.", "cve": "debian:9:binutils:CVE-2018-9138", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-9138", "value": "CVE-2018-9138", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9138" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-9138" } ] }, { "id": "2f96bafd23f21af13689bcd64bedfd85a14b6c21e545954854f0d00c589e15ea", "category": "container_scanning", "message": "CVE-2018-9996 in binutils", "description": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.", "cve": "debian:9:binutils:CVE-2018-9996", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-9996", "value": "CVE-2018-9996", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9996" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-9996" } ] }, { "id": "b6c295fd80956cbd0541a433c66bfa08ae08d8481dbd350dbfee585ddff0c2ba", "category": "container_scanning", "message": "CVE-2019-1010180 in binutils", "description": "GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. 
The impact is: Denial of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.", "cve": "debian:9:binutils:CVE-2019-1010180", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-1010180", "value": "CVE-2019-1010180", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010180" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-1010180" } ] }, { "id": "35ff5133d154d3291154a8eb2ca41c83922b1a234bd7c140c434dba3092d7958", "category": "container_scanning", "message": "CVE-2019-1010204 in binutils", "description": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. 
The attack vector is: An ELF file with an invalid e_shoff header field must be opened.", "cve": "debian:9:binutils:CVE-2019-1010204", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-1010204", "value": "CVE-2019-1010204", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010204" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-1010204" } ] }, { "id": "a45c5fa98e32ed6be88344813d4e10f5f6d4609ffc8aebd6a99b02015ffb886b", "category": "container_scanning", "message": "CVE-2019-12972 in binutils", "description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\\0' character.", "cve": "debian:9:binutils:CVE-2019-12972", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-12972", "value": "CVE-2019-12972", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12972" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-12972" } ] }, { "id": "d60892b5879889cb3dd20580cf9c2592ee98be3109d7a3bbfd2b6942a4169964", "category": "container_scanning", "message": "CVE-2019-14250 in binutils", "description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "cve": "debian:9:binutils:CVE-2019-14250", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-14250", "value": "CVE-2019-14250", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14250" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-14250" } ] }, { "id": "9c2b951b803633820a1a6c7c113f382939d1fd0bc9233f5984149c2f1d1be8ad", "category": "container_scanning", "message": "CVE-2019-14444 in binutils", "description": "apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf.", "cve": "debian:9:binutils:CVE-2019-14444", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-14444", "value": "CVE-2019-14444", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14444" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-14444" } ] }, { "id": "c8d2bc98a737b7f1a04df9de5954eff288c1c7f9ce9979755531321370250d7b", "category": "container_scanning", "message": "CVE-2019-17450 in binutils", "description": "find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote 
attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.", "cve": "debian:9:binutils:CVE-2019-17450", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-17450", "value": "CVE-2019-17450", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17450" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-17450" } ] }, { "id": "820800c19cd75340d4b1a813015280e37c9a10cb184c90c058b0c8323dd0b67a", "category": "container_scanning", "message": "CVE-2019-17451 in binutils", "description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm.", "cve": "debian:9:binutils:CVE-2019-17451", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-17451", "value": "CVE-2019-17451", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17451" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-17451" } ] }, { "id": "6c57ad9b38e5b876fe392ace58e412e580b73bd8099b29ffec910e343a8f76dd", "category": "container_scanning", "message": "CVE-2019-9070 in binutils", "description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. 
It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls.", "cve": "debian:9:binutils:CVE-2019-9070", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-9070", "value": "CVE-2019-9070", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9070" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-9070" } ] }, { "id": "8981f1e37d224ca2714f6a92bb097a23764440f878534fb178c43f0a840b5166", "category": "container_scanning", "message": "CVE-2019-9071 in binutils", "description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.", "cve": "debian:9:binutils:CVE-2019-9071", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-9071", "value": "CVE-2019-9071", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9071" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-9071" } ] }, { "id": "b1b1ad203f2078b49244f6a22bc6d20c625d9fbed9c7395a98f5793e282bda6d", "category": "container_scanning", "message": "CVE-2019-9073 in binutils", "description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. 
It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c.", "cve": "debian:9:binutils:CVE-2019-9073", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-9073", "value": "CVE-2019-9073", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9073" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-9073" } ] }, { "id": "362e7297acdcd9b9c11ec3fc324c2fc0a6654b09117f16dc43576403f56ee673", "category": "container_scanning", "message": "CVE-2019-9074 in binutils", "description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c.", "cve": "debian:9:binutils:CVE-2019-9074", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-9074", "value": "CVE-2019-9074", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9074" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-9074" } ] }, { "id": "efe1114014c688f7875e5101e614f0d595324a6297ca7f558e7785e630383a95", "category": "container_scanning", "message": "CVE-2019-9075 in binutils", "description": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. 
It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.", "cve": "debian:9:binutils:CVE-2019-9075", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-9075", "value": "CVE-2019-9075", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9075" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-9075" } ] }, { "id": "e9e75f1a3e8da41287e592534c86dd644b066e57bda9be49ba9f158d1b7c5b7c", "category": "container_scanning", "message": "CVE-2019-9077 in binutils", "description": "An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.", "cve": "debian:9:binutils:CVE-2019-9077", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-9077", "value": "CVE-2019-9077", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9077" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-9077" } ] }, { "id": "ac012119d31a2abebce30ae673ef42a6e52e151c8b107af1d1e64d9e3637bf8d", "category": "container_scanning", "message": "CVE-2016-2781 in coreutils", "description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", "cve": "debian:9:coreutils:CVE-2016-2781", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": 
"klar" }, "location": { "dependency": { "package": { "name": "coreutils" }, "version": "8.26-3" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2016-2781", "value": "CVE-2016-2781", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2016-2781" } ] }, { "id": "6a25086d49a5266fb6235b0a896021a99811c647efeff201fbdb23ced185f223", "category": "container_scanning", "message": "CVE-2017-18018 in coreutils", "description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", "cve": "debian:9:coreutils:CVE-2017-18018", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "coreutils" }, "version": "8.26-3" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-18018", "value": "CVE-2017-18018", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18018" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-18018" } ] }, { "id": "89fbb18a2dfbf31a2d8cf83cb8a8faccb9eda401a953760b5ab5705e2109a923", "category": "container_scanning", "message": "CVE-2013-0340 in expat", "description": "expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. 
NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.", "cve": "debian:9:expat:CVE-2013-0340", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "expat" }, "version": "2.2.0-2+deb9u3" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2013-0340", "value": "CVE-2013-0340", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0340" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2013-0340" } ] }, { "id": "61733a7bf94c5ad3769273bac4f0483f64c8aa28e8b25ed3a9fb74d17915cea9", "category": "container_scanning", "message": "CVE-2010-4051 in glibc", "description": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"", "cve": "debian:9:glibc:CVE-2010-4051", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2010-4051", "value": "CVE-2010-4051", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4051" } ], "links": [ { "url": 
"https://security-tracker.debian.org/tracker/CVE-2010-4051" } ] }, { "id": "0fc034d5b209c066139d1b99737af5a9e7c7e4a74d7b19445309641bc61a5812", "category": "container_scanning", "message": "CVE-2010-4052 in glibc", "description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.", "cve": "debian:9:glibc:CVE-2010-4052", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2010-4052", "value": "CVE-2010-4052", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4052" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2010-4052" } ] }, { "id": "055fc1c8b4908efac9ad77c978b6274b8d81b74a02404b8dff652d3fb8953694", "category": "container_scanning", "message": "CVE-2010-4756 in glibc", "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cve": "debian:9:glibc:CVE-2010-4756", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, 
"identifiers": [ { "type": "cve", "name": "CVE-2010-4756", "value": "CVE-2010-4756", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2010-4756" } ] }, { "id": "99b3ebe4236b9dd17977ea591c9972b3e4616656798035b0c4a70eb29bfa1845", "category": "container_scanning", "message": "CVE-2015-8985 in glibc", "description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.", "cve": "debian:9:glibc:CVE-2015-8985", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2015-8985", "value": "CVE-2015-8985", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2015-8985" } ] }, { "id": "432a95853e232b48a38951f7f955dc06fb5e85d4eb4dbbe72b48552f9907cda3", "category": "container_scanning", "message": "CVE-2016-10228 in glibc", "description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.", "cve": "debian:9:glibc:CVE-2016-10228", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2016-10228", "value": "CVE-2016-10228", "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2016-10228" } ] }, { "id": "c110abdaa5969a7bdd6dd4a16fd24b5ae1579d90f09777cc2a06f654acb86bad", "category": "container_scanning", "message": "CVE-2018-20796 in glibc", "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cve": "debian:9:glibc:CVE-2018-20796", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-20796", "value": "CVE-2018-20796", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-20796" } ] }, { "id": "e66988c5ad5557445fa441135f88746596c5c3f21a96a4aae6ee55c1f13ffcf3", "category": "container_scanning", "message": "CVE-2019-1010022 in glibc", "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. 
The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.", "cve": "debian:9:glibc:CVE-2019-1010022", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-1010022", "value": "CVE-2019-1010022", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-1010022" } ] }, { "id": "867155cb854f74249fb4cfaf1d558d502594efd054d5920eb9ee3788fe55d550", "category": "container_scanning", "message": "CVE-2019-1010023 in glibc", "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.", "cve": "debian:9:glibc:CVE-2019-1010023", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-1010023", "value": "CVE-2019-1010023", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-1010023" } ] }, { "id": "cc6db511772b3f6090788c58c03d1f70b496301705acdd56821125cf733bc606", "category": "container_scanning", "message": "CVE-2019-1010024 in glibc", "description": "GNU Libc current is affected by: Mitigation bypass. 
The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc.", "cve": "debian:9:glibc:CVE-2019-1010024", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-1010024", "value": "CVE-2019-1010024", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-1010024" } ] }, { "id": "8a9abfe3080288ff6402584cc2d2bb95602044436b01f4609d78faa3e1f8671d", "category": "container_scanning", "message": "CVE-2019-1010025 in glibc", "description": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"", "cve": "debian:9:glibc:CVE-2019-1010025", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-1010025", "value": "CVE-2019-1010025", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-1010025" } ] }, { "id": "2469c47b39182a0e5c8995e0a1e7663660711acea431418d0e9d361d9a199a7f", "category": "container_scanning", "message": "CVE-2019-6488 in glibc", "description": "The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.", "cve": "debian:9:glibc:CVE-2019-6488", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-6488", "value": "CVE-2019-6488", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6488" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-6488" } ] }, { "id": "5db8ac2c1425afdfa462538922888abedeab74cf8ef8e7085be7f6f4976f0b7d", "category": "container_scanning", "message": "CVE-2019-7309 in glibc", "description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp 
function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.", "cve": "debian:9:glibc:CVE-2019-7309", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-7309", "value": "CVE-2019-7309", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-7309" } ] }, { "id": "ba99d14ea239cfb98efa49018e0e2b00fdfd2ed7d3f3d1e991df066f7e3db944", "category": "container_scanning", "message": "CVE-2019-9192 in glibc", "description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.", "cve": "debian:9:glibc:CVE-2019-9192", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-9192", "value": "CVE-2019-9192", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-9192" } ] }, { "id": "af9aa6648dd930decf86f6955ccba2b73385d48336fd00cecf91d3cea8646ffa", "category": "container_scanning", "message": "CVE-2020-6096 in glibc", "description": "An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. 
The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.", "cve": "debian:9:glibc:CVE-2020-6096", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-6096", "value": "CVE-2020-6096", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6096" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-6096" } ] }, { "id": "29a31828fccb60c0047bb3e9177390e5c1ebb801a7540530b8f53dd07b268667", "category": "container_scanning", "message": "CVE-2018-1000858 in gnupg2", "description": "GnuPG version 2.1.12 - 2.2.11 contains a Cross Site Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appears to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. 
This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060.", "cve": "debian:9:gnupg2:CVE-2018-1000858", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "gnupg2" }, "version": "2.1.18-8~deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-1000858", "value": "CVE-2018-1000858", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000858" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-1000858" } ] }, { "id": "98fd6949ce077b8771f3f8a9f12cbdd54ec89da038ed8b1e8423aaceb21a74d0", "category": "container_scanning", "message": "CVE-2018-9234 in gnupg2", "description": "GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.", "cve": "debian:9:gnupg2:CVE-2018-9234", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "gnupg2" }, "version": "2.1.18-8~deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-9234", "value": "CVE-2018-9234", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9234" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-9234" } ] }, { "id": "82d0cd2a720a9aa17d3e61a0a60c42e5d42c0dcca0a36f73ed9613d461a6424f", "category": "container_scanning", "message": "CVE-2019-14855 in gnupg2", "description": "A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. 
This issue affects GnuPG versions before 2.2.18.", "cve": "debian:9:gnupg2:CVE-2019-14855", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "gnupg2" }, "version": "2.1.18-8~deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-14855", "value": "CVE-2019-14855", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14855" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-14855" } ] }, { "id": "45f2d4546c8a52e02ce28042eb4a9813cc9feeeef4d3c824b828c8cb2f05dbc9", "category": "container_scanning", "message": "CVE-2018-6829 in libgcrypt20", "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). 
The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cve": "debian:9:libgcrypt20:CVE-2018-6829", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "libgcrypt20" }, "version": "1.7.6-2+deb9u3" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-6829", "value": "CVE-2018-6829", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-6829" } ] }, { "id": "44e43bb2e4320f0ed218ade67d17cc22d4fe732e24d2d637cadffeaf7773416a", "category": "container_scanning", "message": "CVE-2004-0230 in linux", "description": "TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.", "cve": "debian:9:linux:CVE-2004-0230", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2004-0230", "value": "CVE-2004-0230", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0230" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2004-0230" } ] }, { "id": "6e22a9cf5e96ffb0ec6609c3e56545de8ad719480cf48016a780014095969af3", "category": "container_scanning", "message": "CVE-2005-3660 in linux", "description": "Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or 
socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.", "cve": "debian:9:linux:CVE-2005-3660", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2005-3660", "value": "CVE-2005-3660", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3660" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2005-3660" } ] }, { "id": "a717294e52417dbf21a7fc20c5980a0eaa1e7be42e45ab9b85ddd6e4058ff1ad", "category": "container_scanning", "message": "CVE-2007-3719 in linux", "description": "The process scheduler in the Linux kernel 2.6.16 gives preference to \"interactive\" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in \"Secretly Monopolizing the CPU Without Superuser Privileges.\"", "cve": "debian:9:linux:CVE-2007-3719", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2007-3719", "value": "CVE-2007-3719", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3719" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2007-3719" } ] }, { "id": "bfa994aa10f46408999fe6148b452ff9ce25d246738e14a983c22a5390f8eec9", "category": "container_scanning", "message": "CVE-2008-2544 in linux", "description": "linux:4.9.228-1 is affected by CVE-2008-2544", "cve": 
"debian:9:linux:CVE-2008-2544", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2008-2544", "value": "CVE-2008-2544", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2544" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2008-2544" } ] }, { "id": "8b72437edd0193ea911c591b2c46d93385291101d942d9b9245ba48190f4988c", "category": "container_scanning", "message": "CVE-2008-4609 in linux", "description": "The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.", "cve": "debian:9:linux:CVE-2008-4609", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2008-4609", "value": "CVE-2008-4609", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4609" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2008-4609" } ] }, { "id": "5a65ff1ecddc3614c0839bcf786d9b1321e60a2abb20d88c370b3d829b5f6e8a", "category": "container_scanning", "message": "CVE-2010-4563 in linux", "description": "The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by 
thcping.", "cve": "debian:9:linux:CVE-2010-4563", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2010-4563", "value": "CVE-2010-4563", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4563" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2010-4563" } ] }, { "id": "5ebdf6c3a72004c0f4abfbaa7a7a1a2e5ea6bfb85d14ad2a88d3d716c218ac18", "category": "container_scanning", "message": "CVE-2010-5321 in linux", "description": "Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. 
NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf.", "cve": "debian:9:linux:CVE-2010-5321", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2010-5321", "value": "CVE-2010-5321", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5321" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2010-5321" } ] }, { "id": "255ee35d5756ab16013a1cd4094642b47cf0978b6c9438569fa6332f71ecffaf", "category": "container_scanning", "message": "CVE-2011-4915 in linux", "description": "fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.", "cve": "debian:9:linux:CVE-2011-4915", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2011-4915", "value": "CVE-2011-4915", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4915" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2011-4915" } ] }, { "id": "a6ffd23e5b388e25c696de9ea2b338d5938527b85f7cfd7374f93eac9c7289a6", "category": "container_scanning", "message": "CVE-2011-4917 in linux", "description": "linux:4.9.228-1 is affected by CVE-2011-4917", "cve": "debian:9:linux:CVE-2011-4917", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": 
"registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2011-4917", "value": "CVE-2011-4917", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4917" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2011-4917" } ] }, { "id": "923daeb7cef3da4c0f5eb3a575f3d6db958fd19b0cb501e2c006913138140cf3", "category": "container_scanning", "message": "CVE-2012-4542 in linux", "description": "block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.", "cve": "debian:9:linux:CVE-2012-4542", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2012-4542", "value": "CVE-2012-4542", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4542" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2012-4542" } ] }, { "id": "e7d1969d0b772e4b47e1562bead4f38f0ab1f18802c5125851503164a58a01fa", "category": "container_scanning", "message": "CVE-2014-9892 in linux", "description": "The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.", "cve": "debian:9:linux:CVE-2014-9892", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, 
"version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2014-9892", "value": "CVE-2014-9892", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9892" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2014-9892" } ] }, { "id": "d312e1ff18e8c425828f2ecae70ae3c6c34402e8e203376886c123649220ed6a", "category": "container_scanning", "message": "CVE-2014-9900 in linux", "description": "The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.", "cve": "debian:9:linux:CVE-2014-9900", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2014-9900", "value": "CVE-2014-9900", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9900" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2014-9900" } ] }, { "id": "573543edd1ee0a5d4c68b1eec3cb9f40182bac71b7e5bc4614896d8859e6b20b", "category": "container_scanning", "message": "CVE-2015-2877 in linux", "description": "** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. 
NOTE: the vendor states \"Basically if you care about this attack vector, disable deduplication.\" Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities.", "cve": "debian:9:linux:CVE-2015-2877", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2015-2877", "value": "CVE-2015-2877", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2877" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2015-2877" } ] }, { "id": "f2e997a4e280890b778c4f9ce0da400e44cd315af104363d0683bf7687fc03ac", "category": "container_scanning", "message": "CVE-2016-10723 in linux", "description": "** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. 
NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that \"the underlying problem is non-trivial to handle.\"", "cve": "debian:9:linux:CVE-2016-10723", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2016-10723", "value": "CVE-2016-10723", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10723" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2016-10723" } ] }, { "id": "2484396a8d28b6834ad7f42955451a3e23807a5b6c76ea93f06e7bab2f168941", "category": "container_scanning", "message": "CVE-2016-8660 in linux", "description": "The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a \"page lock order bug in the XFS seek hole/data implementation.\"", "cve": "debian:9:linux:CVE-2016-8660", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2016-8660", "value": "CVE-2016-8660", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8660" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2016-8660" } ] }, { "id": "230ad08f1fdba7de1b4c4ab2c5a8f66b0775c3b326c59eb027dfcb8197054ce2", "category": "container_scanning", "message": "CVE-2017-11472 in linux", "description": "The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache 
and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.", "cve": "debian:9:linux:CVE-2017-11472", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-11472", "value": "CVE-2017-11472", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11472" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-11472" } ] }, { "id": "4ecc9984a7196a1f1355a41c74e933e0e1996e3976ef9407be00f82a4d6c91d9", "category": "container_scanning", "message": "CVE-2017-12762 in linux", "description": "In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. 
This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.", "cve": "debian:9:linux:CVE-2017-12762", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-12762", "value": "CVE-2017-12762", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12762" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-12762" } ] }, { "id": "23f2c8626308fc20909aae0886f0457061b4051f3329d6dfa4c876a1a234445c", "category": "container_scanning", "message": "CVE-2017-13693 in linux", "description": "The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.", "cve": "debian:9:linux:CVE-2017-13693", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-13693", "value": "CVE-2017-13693", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13693" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-13693" } ] }, { "id": "95ddd8334d6cf8ffb975c26086a8b774f8f6d936ca709dd29809ca5f62bb3a8d", "category": "container_scanning", "message": "CVE-2017-13694 in linux", "description": "The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 
does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.", "cve": "debian:9:linux:CVE-2017-13694", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-13694", "value": "CVE-2017-13694", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13694" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-13694" } ] }, { "id": "7f4743684e74c63917cf9310dacd38299956c34de064a79c46f180b89dc858e3", "category": "container_scanning", "message": "CVE-2017-13695 in linux", "description": "The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.", "cve": "debian:9:linux:CVE-2017-13695", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-13695", "value": "CVE-2017-13695", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13695" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-13695" } ] }, { "id": "08c35515904bab3e2b306353c5ff74dde2bf08267992c47ed2a47074723d1af8", "category": "container_scanning", "message": "CVE-2017-9986 in 
linux", "description": "The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a \"double fetch\" vulnerability.", "cve": "debian:9:linux:CVE-2017-9986", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9986", "value": "CVE-2017-9986", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9986" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9986" } ] }, { "id": "1c5fe2560ce9ad4cf4433cb8e0f81494ba31127d7c6653e63e7eb5831ce7b040", "category": "container_scanning", "message": "CVE-2018-1121 in linux", "description": "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. 
This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.", "cve": "debian:9:linux:CVE-2018-1121", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-1121", "value": "CVE-2018-1121", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1121" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-1121" } ] }, { "id": "5427bea6337816a885169a74e60f2eea33b7d4031ed3a7b292dfe2017282e980", "category": "container_scanning", "message": "CVE-2018-12928 in linux", "description": "In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.", "cve": "debian:9:linux:CVE-2018-12928", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-12928", "value": "CVE-2018-12928", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12928" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-12928" } ] }, { "id": "93504efb06f19069fac07101b0e42860b84381bc0ad6d7a2d72853ab7bd74d2f", "category": "container_scanning", "message": "CVE-2018-20669 in linux", "description": "An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. 
A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.", "cve": "debian:9:linux:CVE-2018-20669", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-20669", "value": "CVE-2018-20669", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20669" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-20669" } ] }, { "id": "5841b06ef28dc889dbdf240ad8c03580fdb5f3c5386aa7c5446db73b3f9eb005", "category": "container_scanning", "message": "CVE-2018-8043 in linux", "description": "The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).", "cve": "debian:9:linux:CVE-2018-8043", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-8043", "value": "CVE-2018-8043", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8043" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-8043" } ] }, { "id": "d3ca5c796cc9b69d8630518841f1a095ac49eb0130756cbd83d3cb160757de3a", "category": "container_scanning", "message": "CVE-2019-11191 in linux", "description": "** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any 
exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported.", "cve": "debian:9:linux:CVE-2019-11191", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-11191", "value": "CVE-2019-11191", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11191" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-11191" } ] }, { "id": "648d35527e9f99e5ab3d0285509cdf3d1f0747cca38c8278a103d82fd3a9d2c9", "category": "container_scanning", "message": "CVE-2019-12378 in linux", "description": "** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). 
NOTE: This has been disputed as not an issue.", "cve": "debian:9:linux:CVE-2019-12378", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-12378", "value": "CVE-2019-12378", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12378" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-12378" } ] }, { "id": "7fd1f55a2de36c66fadca5e205936a55236afce37ff7939869b210acb6114581", "category": "container_scanning", "message": "CVE-2019-12379 in linux", "description": "** DISPUTED ** An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue.", "cve": "debian:9:linux:CVE-2019-12379", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-12379", "value": "CVE-2019-12379", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12379" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-12379" } ] }, { "id": "806a03007cefc64e90e45fba37fe354946528dc275f7e17f9a6c3e649f86bf0e", "category": "container_scanning", "message": "CVE-2019-12380 in linux", "description": "**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. 
NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”.", "cve": "debian:9:linux:CVE-2019-12380", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-12380", "value": "CVE-2019-12380", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12380" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-12380" } ] }, { "id": "da6445e1385d166d0c3e1c425473ca4ca1adfd753cc0e38bdf921a3fcb82a332", "category": "container_scanning", "message": "CVE-2019-12381 in linux", "description": "** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). 
NOTE: this is disputed because new_ra is never used if it is NULL.", "cve": "debian:9:linux:CVE-2019-12381", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-12381", "value": "CVE-2019-12381", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12381" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-12381" } ] }, { "id": "7c6b62a5964b4afa605bd5da1c89e7c052b86a637e0f79e40fb05b34d4d30ac5", "category": "container_scanning", "message": "CVE-2019-12382 in linux", "description": "** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). 
NOTE: The vendor disputes this issue as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference.", "cve": "debian:9:linux:CVE-2019-12382", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-12382", "value": "CVE-2019-12382", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12382" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-12382" } ] }, { "id": "9ac82636fe766535338ea807dc32663f85d342fbb80fa49d33cb3f4d62aa24a0", "category": "container_scanning", "message": "CVE-2019-12455 in linux", "description": "** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This id is disputed as not being an issue because “The memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started. 
Therefore, there is no possibility for an unprivileged user to control it, and no denial of service.”.", "cve": "debian:9:linux:CVE-2019-12455", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-12455", "value": "CVE-2019-12455", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12455" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-12455" } ] }, { "id": "2491b1699b567dae54b8a264cc13fbc6d92b2cd8d4a5502a28bb4ff00fb31d6e", "category": "container_scanning", "message": "CVE-2019-12456 in linux", "description": "** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a \"double fetch\" vulnerability. 
NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used.", "cve": "debian:9:linux:CVE-2019-12456", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-12456", "value": "CVE-2019-12456", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12456" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-12456" } ] }, { "id": "d9619e4378c9011b10304e5c40eee20f70ca09ae4647d15912664c0d465d14c8", "category": "container_scanning", "message": "CVE-2019-12615 in linux", "description": "An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup_const of node_info-\u003evdev_port.name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).", "cve": "debian:9:linux:CVE-2019-12615", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-12615", "value": "CVE-2019-12615", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12615" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-12615" } ] }, { "id": "63a1e6c28c2b9c4eb24d60caba005843fd4c786d2c91ea662e24c78a46b8832c", "category": "container_scanning", "message": "CVE-2019-16229 in linux", "description": "** DISPUTED ** drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer 
dereference. NOTE: The security community disputes this issue as not being serious enough to deserve a CVE id.", "cve": "debian:9:linux:CVE-2019-16229", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-16229", "value": "CVE-2019-16229", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16229" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-16229" } ] }, { "id": "23b07ae3cfa8c1f8ddf038dffbb6fff52031f8548d85314fd8dee26e844ca0c5", "category": "container_scanning", "message": "CVE-2019-16230 in linux", "description": "** DISPUTED ** drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. 
It is not attacker controllable and OOM at that time is highly unlikely.", "cve": "debian:9:linux:CVE-2019-16230", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-16230", "value": "CVE-2019-16230", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16230" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-16230" } ] }, { "id": "61aca407643db371833aadc3c4630aef8b0b519ab8d8d1be35cddc8ab7424e94", "category": "container_scanning", "message": "CVE-2019-16231 in linux", "description": "drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.", "cve": "debian:9:linux:CVE-2019-16231", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-16231", "value": "CVE-2019-16231", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16231" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-16231" } ] }, { "id": "325424532be182add3dcc079fd71c9aacdafe1fca227ef20be0e09e68bcef394", "category": "container_scanning", "message": "CVE-2019-16232 in linux", "description": "drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.", "cve": "debian:9:linux:CVE-2019-16232", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { 
"name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-16232", "value": "CVE-2019-16232", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16232" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-16232" } ] }, { "id": "b53383eb4cc39ac0396d3cfeb29c1789f81b95450269b916571b59b419ae2ae3", "category": "container_scanning", "message": "CVE-2019-16233 in linux", "description": "drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.", "cve": "debian:9:linux:CVE-2019-16233", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-16233", "value": "CVE-2019-16233", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16233" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-16233" } ] }, { "id": "22907d95434e869e5f83d6ccebd22dac37b8c8e2061d449ceab5240e266ee0bd", "category": "container_scanning", "message": "CVE-2019-16234 in linux", "description": "drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.", "cve": "debian:9:linux:CVE-2019-16234", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-16234", "value": "CVE-2019-16234", "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16234" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-16234" } ] }, { "id": "81fd29daa8b45ad2669ad1663d2dc584307dce4bb21822f3b58bdf5eaff9a34b", "category": "container_scanning", "message": "CVE-2019-18808 in linux", "description": "A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.", "cve": "debian:9:linux:CVE-2019-18808", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-18808", "value": "CVE-2019-18808", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18808" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-18808" } ] }, { "id": "e461987be9191e9c83b64b598751073ddee9364d0e09b4ad88c024275893ac97", "category": "container_scanning", "message": "CVE-2019-19046 in linux", "description": "** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. 
NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time.", "cve": "debian:9:linux:CVE-2019-19046", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19046", "value": "CVE-2019-19046", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19046" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19046" } ] }, { "id": "7370c41d001266282b087e2b0183370032c51126a868859896eadda3450a9975", "category": "container_scanning", "message": "CVE-2019-19054 in linux", "description": "A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.", "cve": "debian:9:linux:CVE-2019-19054", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19054", "value": "CVE-2019-19054", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19054" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19054" } ] }, { "id": "38d31498465c6a309ae37509d827c8aacabfdbc6c105364f9be34f55f8d955f3", "category": "container_scanning", "message": "CVE-2019-19060 in linux", "description": "A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory 
consumption), aka CID-ab612b1daf41.", "cve": "debian:9:linux:CVE-2019-19060", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19060", "value": "CVE-2019-19060", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19060" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19060" } ] }, { "id": "f2763f12e862e4213f43f42bc134ab4c641270b009906de10ae72b10a211b2e3", "category": "container_scanning", "message": "CVE-2019-19061 in linux", "description": "A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.", "cve": "debian:9:linux:CVE-2019-19061", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19061", "value": "CVE-2019-19061", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19061" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19061" } ] }, { "id": "edf69d1f70dcc9bd05194d4895a6cf3092344ee1a1206b9a297d903c3f5e43f6", "category": "container_scanning", "message": "CVE-2019-19064 in linux", "description": "** DISPUTED ** A memory leak in the fsl_lpspi_probe() function in drivers/spi/spi-fsl-lpspi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering pm_runtime_get_sync() failures, aka CID-057b8945f78f. 
NOTE: third parties dispute the relevance of this because an attacker cannot realistically control these failures at probe time.", "cve": "debian:9:linux:CVE-2019-19064", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19064", "value": "CVE-2019-19064", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19064" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19064" } ] }, { "id": "db6e1e15b5f87f9b67af66325528e64733959ba0972c5a124ed21435af3b20bf", "category": "container_scanning", "message": "CVE-2019-19067 in linux", "description": "** DISPUTED ** Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. 
NOTE: third parties dispute the relevance of this because the attacker must already have privileges for module loading.", "cve": "debian:9:linux:CVE-2019-19067", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19067", "value": "CVE-2019-19067", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19067" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19067" } ] }, { "id": "18dd52b6e16fad46e736244d5f7d065b729443e0b114cd6f1444c5159726cddf", "category": "container_scanning", "message": "CVE-2019-19070 in linux", "description": "** DISPUTED ** A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. 
NOTE: third parties dispute the relevance of this because the system must have already been out of memory before the probe began.", "cve": "debian:9:linux:CVE-2019-19070", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19070", "value": "CVE-2019-19070", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19070" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19070" } ] }, { "id": "b3c3465b6a922289aabba9adbff66ff977b601a45bb70dadbdb2f3d7a780b302", "category": "container_scanning", "message": "CVE-2019-19075 in linux", "description": "A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e.", "cve": "debian:9:linux:CVE-2019-19075", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19075", "value": "CVE-2019-19075", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19075" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19075" } ] }, { "id": "c6b2544cd77c53c2ce3a92143b02f494d0cd105d77835e3df25ef5ffc760666d", "category": "container_scanning", "message": "CVE-2020-14331 in linux", "description": "A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, 
which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "cve": "debian:9:linux:CVE-2020-14331", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-14331", "value": "CVE-2020-14331", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14331" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-14331" } ] }, { "id": "740b5bea616e388a0c06cebece907e9413b54a480c21a85ffcd680f9adbf41ff", "category": "container_scanning", "message": "CVE-2019-17543 in lz4", "description": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) 
NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"", "cve": "debian:9:lz4:CVE-2019-17543", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "lz4" }, "version": "0.0~r131-2" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-17543", "value": "CVE-2019-17543", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17543" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-17543" } ] }, { "id": "92086eabcef810f555bc977f47265dc32a25c64f44319e47533b9301d09aad41", "category": "container_scanning", "message": "CVE-2018-19211 in ncurses", "description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "cve": "debian:9:ncurses:CVE-2018-19211", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "ncurses" }, "version": "6.0+20161126-1+deb9u2" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-19211", "value": "CVE-2018-19211", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19211" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-19211" } ] }, { "id": "f7916d54247f984505eae79361176963c4e2b4b0ae0b87a30339a1c085f9959c", "category": "container_scanning", "message": "CVE-2019-17594 in ncurses", "description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", "cve": 
"debian:9:ncurses:CVE-2019-17594", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "ncurses" }, "version": "6.0+20161126-1+deb9u2" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-17594", "value": "CVE-2019-17594", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-17594" } ] }, { "id": "2d7e406ef45eca936632f7b394f531cce7588702095233eaf012c64d67643849", "category": "container_scanning", "message": "CVE-2019-17595 in ncurses", "description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.", "cve": "debian:9:ncurses:CVE-2019-17595", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "ncurses" }, "version": "6.0+20161126-1+deb9u2" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-17595", "value": "CVE-2019-17595", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-17595" } ] }, { "id": "72d75a86ef67e167f4a726af22a2fdaf293b1b5987b377e1054af9bac759edbd", "category": "container_scanning", "message": "CVE-2007-6755 in openssl", "description": "The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain \"skeleton key\" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. 
NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.", "cve": "debian:9:openssl:CVE-2007-6755", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "openssl" }, "version": "1.1.0l-1~deb9u1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2007-6755", "value": "CVE-2007-6755", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6755" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2007-6755" } ] }, { "id": "077b4f00d4e14df425a9122b7a5f65a43cbfab04c5744ce2a68697205fe1bc80", "category": "container_scanning", "message": "CVE-2010-0928 in openssl", "description": "OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a \"fault-based attack.\"", "cve": "debian:9:openssl:CVE-2010-0928", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "openssl" }, "version": "1.1.0l-1~deb9u1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2010-0928", "value": "CVE-2010-0928", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0928" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2010-0928" } ] }, { "id": "b9c40d199efe1f73a7d0c334423c24aa80a721ae8502ef4eb109162ba40ae925", "category": 
"container_scanning", "message": "CVE-2019-1551 in openssl", "description": "There is an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).", "cve": "debian:9:openssl:CVE-2019-1551", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "openssl" }, "version": "1.1.0l-1~deb9u1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-1551", "value": "CVE-2019-1551", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-1551" } ] }, { "id": "ebedcda49505b6594c48715245ddc23710dd0ba6e347162fcd266eec7f82a655", "category": "container_scanning", "message": "CVE-2017-11164 in pcre3", "description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", "cve": "debian:9:pcre3:CVE-2017-11164", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "pcre3" }, "version": "2:8.39-3" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", 
"name": "CVE-2017-11164", "value": "CVE-2017-11164", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-11164" } ] }, { "id": "c39ddb911877e856d285aa5a71b297fb84b99cc0cf49250099c0a3492dcfe392", "category": "container_scanning", "message": "CVE-2017-16231 in pcre3", "description": "** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.", "cve": "debian:9:pcre3:CVE-2017-16231", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "pcre3" }, "version": "2:8.39-3" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-16231", "value": "CVE-2017-16231", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16231" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-16231" } ] }, { "id": "7f9ed4c5d87c8e54ce3aa7348814aeeb4f9fe8d293f033b53c4ed5befac0a6cd", "category": "container_scanning", "message": "CVE-2017-7245 in pcre3", "description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", "cve": "debian:9:pcre3:CVE-2017-7245", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "pcre3" }, "version": "2:8.39-3" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": 
"CVE-2017-7245", "value": "CVE-2017-7245", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7245" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-7245" } ] }, { "id": "323f2f6b25c18f4b416a769118ece7e4fd8d5a999917e6d4f56f725ba3ca03ea", "category": "container_scanning", "message": "CVE-2017-7246 in pcre3", "description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", "cve": "debian:9:pcre3:CVE-2017-7246", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "pcre3" }, "version": "2:8.39-3" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-7246", "value": "CVE-2017-7246", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7246" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-7246" } ] }, { "id": "e4e257f3b7c10bb7a87352f789027e6600ef7536834bd231eb56623558b1714a", "category": "container_scanning", "message": "CVE-2019-20838 in pcre3", "description": "libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454.", "cve": "debian:9:pcre3:CVE-2019-20838", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "pcre3" }, "version": "2:8.39-3" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-20838", "value": "CVE-2019-20838", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838" } ], "links": [ { "url": 
"https://security-tracker.debian.org/tracker/CVE-2019-20838" } ] }, { "id": "ac04ff1a74c8aea8312d4967f115734efbbc4624b302cac77524d7c0dba28712", "category": "container_scanning", "message": "CVE-2011-4116 in perl", "description": "_is_safe in the File::Temp module for Perl does not properly handle symlinks.", "cve": "debian:9:perl:CVE-2011-4116", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "perl" }, "version": "5.24.1-3+deb9u7" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2011-4116", "value": "CVE-2011-4116", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4116" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2011-4116" } ] }, { "id": "00184643494c3e2b81c423ebf7d4dbdf68bfc8f2b04e902fe10694a72e6d96f1", "category": "container_scanning", "message": "CVE-2017-17522 in python3.5", "description": "** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. 
NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting.", "cve": "debian:9:python3.5:CVE-2017-17522", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "python3.5" }, "version": "3.5.3-1+deb9u2" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-17522", "value": "CVE-2017-17522", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17522" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-17522" } ] }, { "id": "3f7490b9d73d70196e223df4dc82a422b6ca4bd9b57bc9e57c47cf76116e690b", "category": "container_scanning", "message": "CVE-2019-20907 in python3.5", "description": "In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.", "cve": "debian:9:python3.5:CVE-2019-20907", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "python3.5" }, "version": "3.5.3-1+deb9u2" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-20907", "value": "CVE-2019-20907", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20907" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-20907" } ] }, { "id": "7db3a57fc3e89a08d73c2a2ff2a15994e00d7f4a5cfc4dd9b39a6dc629e7d9af", "category": "container_scanning", "message": "CVE-2019-9674 in python3.5", "description": "Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.", "cve": "debian:9:python3.5:CVE-2019-9674", "severity": 
"Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "python3.5" }, "version": "3.5.3-1+deb9u2" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-9674", "value": "CVE-2019-9674", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-9674" } ] }, { "id": "af17ebd974c0b22fd08ef9f78010f2771e3d939a60141c05adfd653ca7340935", "category": "container_scanning", "message": "CVE-2007-5686 in shadow", "description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", "cve": "debian:9:shadow:CVE-2007-5686", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "shadow" }, "version": "1:4.4-4.1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2007-5686", "value": "CVE-2007-5686", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5686" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2007-5686" } ] }, { "id": "8bee469ee926276ca346e2ca63fd5cd5d44cbb5f498b399d2af48aaa0f5d49d6", "category": "container_scanning", "message": "CVE-2013-4235 in shadow", "description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", "cve": "debian:9:shadow:CVE-2013-4235", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { 
"package": { "name": "shadow" }, "version": "1:4.4-4.1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2013-4235", "value": "CVE-2013-4235", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2013-4235" } ] }, { "id": "e02c41650fe9f744aea992e34f4bbf51a7528ad65e126265e4578365c7e2909a", "category": "container_scanning", "message": "CVE-2018-7169 in shadow", "description": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.", "cve": "debian:9:shadow:CVE-2018-7169", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "shadow" }, "version": "1:4.4-4.1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-7169", "value": "CVE-2018-7169", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-7169" } ] }, { "id": "2b3c773bf123ccd0758776ae10d4c53378aaf4ac09404964ccf90d3c5766e60c", "category": "container_scanning", "message": "CVE-2019-19882 in shadow", "description": "shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are 
misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).", "cve": "debian:9:shadow:CVE-2019-19882", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "shadow" }, "version": "1:4.4-4.1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19882", "value": "CVE-2019-19882", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19882" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19882" } ] }, { "id": "e26199e53fadcba4946d27858ed0dd38de060ee25ffd0a7463c6221add670ed9", "category": "container_scanning", "message": "CVE-2017-13685 in sqlite3", "description": "The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.", "cve": "debian:9:sqlite3:CVE-2017-13685", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "sqlite3" }, "version": "3.16.2-5+deb9u2" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-13685", "value": "CVE-2017-13685", "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13685" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-13685" } ] }, { "id": "de2ac38116ed10a0f48ffec94f3bdb10ba32261bff7764e9b28ffaf5f1d7ae6d", "category": "container_scanning", "message": "CVE-2020-11656 in sqlite3", "description": "In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.", "cve": "debian:9:sqlite3:CVE-2020-11656", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "sqlite3" }, "version": "3.16.2-5+deb9u2" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-11656", "value": "CVE-2020-11656", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11656" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-11656" } ] }, { "id": "75f2e68e6ac11d18acbd80cefdc037f7d310d926a1eb4e845d25c47ffd43549f", "category": "container_scanning", "message": "CVE-2013-4392 in systemd", "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "cve": "debian:9:systemd:CVE-2013-4392", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "systemd" }, "version": "232-25+deb9u12" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2013-4392", "value": "CVE-2013-4392", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2013-4392" } ] }, { "id": 
"07ea44d025d2539213699ec1c8e7b806e43e3484a4696ab24560f9f0136a94b0", "category": "container_scanning", "message": "CVE-2017-1000082 in systemd", "description": "systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. \"0day\"), running the service in question with root privileges rather than the user intended.", "cve": "debian:9:systemd:CVE-2017-1000082", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "systemd" }, "version": "232-25+deb9u12" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-1000082", "value": "CVE-2017-1000082", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000082" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-1000082" } ] }, { "id": "37f6c4f4551ca52705a5d12b637aaef93599a35a344215a006a6a705372155c8", "category": "container_scanning", "message": "CVE-2017-18078 in systemd", "description": "systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.", "cve": "debian:9:systemd:CVE-2017-18078", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "systemd" }, "version": "232-25+deb9u12" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-18078", "value": "CVE-2017-18078", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18078" } ], "links": [ { "url": 
"https://security-tracker.debian.org/tracker/CVE-2017-18078" } ] }, { "id": "e61127eb7a677b64a2e192ec6dbeed9ba300343608cb8dc8da0ede1e98d924f1", "category": "container_scanning", "message": "CVE-2018-16888 in systemd", "description": "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.", "cve": "debian:9:systemd:CVE-2018-16888", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "systemd" }, "version": "232-25+deb9u12" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-16888", "value": "CVE-2018-16888", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16888" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-16888" } ] }, { "id": "4332b20da562178d36088ca8b635a84e89f7441eec42d10ce58b6f41919b8a6e", "category": "container_scanning", "message": "CVE-2018-6954 in systemd", "description": "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. 
This occurs even if the fs.protected_symlinks sysctl is turned on.", "cve": "debian:9:systemd:CVE-2018-6954", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "systemd" }, "version": "232-25+deb9u12" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-6954", "value": "CVE-2018-6954", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6954" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-6954" } ] }, { "id": "0bac24f74a5ce7adb20dd3fa3aa9e994f6d8eec371dbf01c3e7110e843d6233d", "category": "container_scanning", "message": "CVE-2019-20386 in systemd", "description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.", "cve": "debian:9:systemd:CVE-2019-20386", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "systemd" }, "version": "232-25+deb9u12" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-20386", "value": "CVE-2019-20386", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-20386" } ] }, { "id": "381955d75ae6c16a8c82296260a23a5ab2094fcedd674211e6cb645945080c5e", "category": "container_scanning", "message": "CVE-2020-13776 in systemd", "description": "systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. 
NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.", "cve": "debian:9:systemd:CVE-2020-13776", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "systemd" }, "version": "232-25+deb9u12" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-13776", "value": "CVE-2020-13776", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13776" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-13776" } ] }, { "id": "01e62e6b8da97934ee45d08dbc04570624cc3370a2b03348ae92560efe1c5e6e", "category": "container_scanning", "message": "CVE-2005-2541 in tar", "description": "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.", "cve": "debian:9:tar:CVE-2005-2541", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "tar" }, "version": "1.29b-1.1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2005-2541", "value": "CVE-2005-2541", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2541" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2005-2541" } ] }, { "id": "4e19ffdcad9de8b4975e49ecaebba4ff84d76db384cb9cf1172c982c640a8e44", "category": "container_scanning", "message": "CVE-2019-9923 in tar", "description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "cve": "debian:9:tar:CVE-2019-9923", "severity": "Low", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "tar" }, 
"version": "1.29b-1.1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-9923", "value": "CVE-2019-9923", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-9923" } ] }, { "id": "9654da45cab78e5b3e9e7ca10229378ce51192f6092f522122c8304dee86ba50", "category": "container_scanning", "message": "CVE-2017-12448 in binutils", "description": "The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c.", "cve": "debian:9:binutils:CVE-2017-12448", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-12448", "value": "CVE-2017-12448", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12448" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-12448" } ] }, { "id": "fad212b3c3d3b3a7bb0db4bb07ca08f269bbe869ff3ab6186324fe0a4e72385e", "category": "container_scanning", "message": "CVE-2017-12449 in binutils", "description": "The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.", "cve": 
"debian:9:binutils:CVE-2017-12449", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-12449", "value": "CVE-2017-12449", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12449" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-12449" } ] }, { "id": "fe654e5af9fe915771be012ebafa376fab4ca69938dbd954fc336af435ab0fbd", "category": "container_scanning", "message": "CVE-2017-12450 in binutils", "description": "The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file.", "cve": "debian:9:binutils:CVE-2017-12450", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-12450", "value": "CVE-2017-12450", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12450" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-12450" } ] }, { "id": "350a38635245191eab7188b02dd6eabd62c8fd3819149f7d02ab36ecd672df24", "category": "container_scanning", "message": "CVE-2017-12451 in binutils", "description": "The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted 
COFF image file.", "cve": "debian:9:binutils:CVE-2017-12451", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-12451", "value": "CVE-2017-12451", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12451" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-12451" } ] }, { "id": "26804de72ce3d64d99ebf2d14bc2b0aad00d18742a0ae979817cf75c9f49b8c8", "category": "container_scanning", "message": "CVE-2017-12452 in binutils", "description": "The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.", "cve": "debian:9:binutils:CVE-2017-12452", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-12452", "value": "CVE-2017-12452", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12452" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-12452" } ] }, { "id": "cc39a55c8c58b1baec24746bd3cc137aef433a273939fc437dd057ae5f88f3f5", "category": "container_scanning", "message": "CVE-2017-12453 in binutils", "description": "The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.", "cve": 
"debian:9:binutils:CVE-2017-12453", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-12453", "value": "CVE-2017-12453", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12453" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-12453" } ] }, { "id": "24408256bb13eeb2d84bd829d9aa4e5880ace054c454c1ef927fe4f8e2559e22", "category": "container_scanning", "message": "CVE-2017-12454 in binutils", "description": "The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.", "cve": "debian:9:binutils:CVE-2017-12454", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-12454", "value": "CVE-2017-12454", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12454" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-12454" } ] }, { "id": "6a26e88f23d3f6822ade82f3735f20a61877bfaf3aaeb16408384582f824adb7", "category": "container_scanning", "message": "CVE-2017-12455 in binutils", "description": "The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.", "cve": "debian:9:binutils:CVE-2017-12455", "severity": 
"Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-12455", "value": "CVE-2017-12455", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12455" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-12455" } ] }, { "id": "6e34b1ef5f8f27522343a2eaaeeb5c7520313662b3e007f6478a5022c0353869", "category": "container_scanning", "message": "CVE-2017-12456 in binutils", "description": "The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.", "cve": "debian:9:binutils:CVE-2017-12456", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-12456", "value": "CVE-2017-12456", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12456" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-12456" } ] }, { "id": "b72d4b14cce06ecfa8caa74c688bcb692525f20f27cb79112faae2668a1a610f", "category": "container_scanning", "message": "CVE-2017-12457 in binutils", "description": "The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.", "cve": "debian:9:binutils:CVE-2017-12457", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { 
"name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-12457", "value": "CVE-2017-12457", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12457" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-12457" } ] }, { "id": "779b39277916ada4105fa0cbb13404b9e4e1bf9366462123ffdda4014f0db562", "category": "container_scanning", "message": "CVE-2017-12458 in binutils", "description": "The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.", "cve": "debian:9:binutils:CVE-2017-12458", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-12458", "value": "CVE-2017-12458", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12458" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-12458" } ] }, { "id": "a0f4516759c94dc587b4fd927a2f0a5abf7270935635344d6928a1da47d96768", "category": "container_scanning", "message": "CVE-2017-12459 in binutils", "description": "The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file.", "cve": "debian:9:binutils:CVE-2017-12459", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": 
{ "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-12459", "value": "CVE-2017-12459", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12459" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-12459" } ] }, { "id": "c4afc2c30857eafdcfae3df4c059db17984bd3b5165b63532eb4a196ea2b8b55", "category": "container_scanning", "message": "CVE-2017-12799 in binutils", "description": "The elf_read_notes function in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.", "cve": "debian:9:binutils:CVE-2017-12799", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-12799", "value": "CVE-2017-12799", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12799" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-12799" } ] }, { "id": "2b85aaa841027c07bd2d280a42a70a510a3efa04071ab7c2d7fad66f5a0298aa", "category": "container_scanning", "message": "CVE-2017-12967 in binutils", "description": "The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.", "cve": "debian:9:binutils:CVE-2017-12967", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, 
"operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-12967", "value": "CVE-2017-12967", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12967" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-12967" } ] }, { "id": "54599ddb7d76ba4445aae80eb16f5210969631f5154e2cf604ad240f1790dbb1", "category": "container_scanning", "message": "CVE-2017-13710 in binutils", "description": "The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.", "cve": "debian:9:binutils:CVE-2017-13710", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-13710", "value": "CVE-2017-13710", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13710" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-13710" } ] }, { "id": "8c1f7c2f3d177faeddf35b922e2b0b6578b8f7508c833ba1e590d1aa3d16c9b6", "category": "container_scanning", "message": "CVE-2017-13757 in binutils", "description": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.", "cve": "debian:9:binutils:CVE-2017-13757", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": 
"klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-13757", "value": "CVE-2017-13757", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13757" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-13757" } ] }, { "id": "118e921d8e30a6243a5ed133d1c13dcadafbfe73fe19337f3bde336b5f9afce8", "category": "container_scanning", "message": "CVE-2017-14333 in binutils", "description": "The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during \"readelf -a\" execution.", "cve": "debian:9:binutils:CVE-2017-14333", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-14333", "value": "CVE-2017-14333", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14333" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-14333" } ] }, { "id": "d36bf3fad8be934617d34b14fa38094783c1e3be5118151b16fd323d9e00cfda", "category": "container_scanning", "message": "CVE-2017-14529 in binutils", "description": "The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 
function.", "cve": "debian:9:binutils:CVE-2017-14529", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-14529", "value": "CVE-2017-14529", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14529" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-14529" } ] }, { "id": "f83a23a3948046cb4a2a8354f5638cd4b4a30b8252683a907f11c667f06d00f4", "category": "container_scanning", "message": "CVE-2017-14729 in binutils", "description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", "cve": "debian:9:binutils:CVE-2017-14729", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-14729", "value": "CVE-2017-14729", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14729" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-14729" } ] }, { "id": "7a259b352865072658da33c8aa747e0aea9075b2cf6849332a312b729fc152ea", "category": "container_scanning", "message": "CVE-2017-14745 in binutils", "description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 
2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", "cve": "debian:9:binutils:CVE-2017-14745", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-14745", "value": "CVE-2017-14745", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14745" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-14745" } ] }, { "id": "123e333a3c6cf1c468df697fcb70c43a7f35146eb3aad3da794ccb30d1ffb4cc", "category": "container_scanning", "message": "CVE-2017-14974 in binutils", "description": "The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.", "cve": "debian:9:binutils:CVE-2017-14974", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-14974", "value": "CVE-2017-14974", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14974" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-14974" } ] }, { "id": 
"23d880257644f888fee20450919255ba25f44bd8d7c7c4db67edce5aa83cafda", "category": "container_scanning", "message": "CVE-2017-9954 in binutils", "description": "The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program.", "cve": "debian:9:binutils:CVE-2017-9954", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9954", "value": "CVE-2017-9954", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9954" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9954" } ] }, { "id": "7d8535e8ff586f5ec902446a6b193afbae54cfb2475e0d3935c51dfffc07d5a6", "category": "container_scanning", "message": "CVE-2017-9955 in binutils", "description": "The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.", "cve": "debian:9:binutils:CVE-2017-9955", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-9955", "value": "CVE-2017-9955", "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9955" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-9955" } ] }, { "id": "1a55eccafb4e76929ffc324ef43c0cd5ed94ff4cea9af9d786ea2abd131406d6", "category": "container_scanning", "message": "CVE-2018-10372 in binutils", "description": "process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.", "cve": "debian:9:binutils:CVE-2018-10372", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-10372", "value": "CVE-2018-10372", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10372" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-10372" } ] }, { "id": "c60bcf237f3b160ae2c8366fd868fd2bf79e7285852eeb0c42380d035c18b11c", "category": "container_scanning", "message": "CVE-2018-10373 in binutils", "description": "concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.", "cve": "debian:9:binutils:CVE-2018-10373", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-10373", "value": "CVE-2018-10373", "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10373" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-10373" } ] }, { "id": "c507eed553e67ecaacf3211c6e824f2834b3360b72accf06e672cad6aa5e4be3", "category": "container_scanning", "message": "CVE-2018-10534 in binutils", "description": "The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.", "cve": "debian:9:binutils:CVE-2018-10534", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-10534", "value": "CVE-2018-10534", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10534" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-10534" } ] }, { "id": "272fe4d39d739e2a0f3418115ae7ecb7c3c710d56a5bc2071752bb6927c5a487", "category": "container_scanning", "message": "CVE-2018-10535 in binutils", "description": "The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a \"SECTION\" type that has a \"0\" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.", "cve": 
"debian:9:binutils:CVE-2018-10535", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-10535", "value": "CVE-2018-10535", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10535" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-10535" } ] }, { "id": "fd68ad9c349bd34e9801c7de2397516020dbe1caab7735155a654dd3940f2e6e", "category": "container_scanning", "message": "CVE-2018-6323 in binutils", "description": "The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.", "cve": "debian:9:binutils:CVE-2018-6323", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-6323", "value": "CVE-2018-6323", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6323" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-6323" } ] }, { "id": "78732cb0429bfdc67ac2f80da38a1ff7e277927dbe389d0049439dbaac9561ce", "category": "container_scanning", "message": "CVE-2018-6543 in binutils", "description": "In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. 
A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.", "cve": "debian:9:binutils:CVE-2018-6543", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-6543", "value": "CVE-2018-6543", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6543" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-6543" } ] }, { "id": "0ee0d9e0b0bd139bc64f55a8735d9c2e9cd972257d607fe7151fbc264a91d045", "category": "container_scanning", "message": "CVE-2018-6759 in binutils", "description": "The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. 
Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.", "cve": "debian:9:binutils:CVE-2018-6759", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-6759", "value": "CVE-2018-6759", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6759" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-6759" } ] }, { "id": "b3bdd2db34f984cbf359559b63098a56f0f2ae58488eefd75f0c89dd79a6abeb", "category": "container_scanning", "message": "CVE-2018-6872 in binutils", "description": "The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.", "cve": "debian:9:binutils:CVE-2018-6872", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-6872", "value": "CVE-2018-6872", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6872" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-6872" } ] }, { "id": "7e4ddc665bd6d8e66a60204c95566d061ecc89e4109654e0fba892caa9a856a1", "category": "container_scanning", "message": "CVE-2018-7208 in binutils", "description": "In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is 
not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.", "cve": "debian:9:binutils:CVE-2018-7208", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-7208", "value": "CVE-2018-7208", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7208" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-7208" } ] }, { "id": "f87ca3a1bc91d6a1c6d8b88fbe680e5c4a1907f3329f638e4a1e9e64706b2aa5", "category": "container_scanning", "message": "CVE-2018-7568 in binutils", "description": "The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.", "cve": "debian:9:binutils:CVE-2018-7568", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-7568", "value": "CVE-2018-7568", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7568" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-7568" } ] }, { "id": "cc74c7c35e44fec99787df1c9eb770d8cb1e1d7ede16411fc52a66a8b30f9dbb", "category": "container_scanning", "message": "CVE-2018-7569 in binutils", "description": "dwarf2.c in the Binary File Descriptor (BFD) 
library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.", "cve": "debian:9:binutils:CVE-2018-7569", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-7569", "value": "CVE-2018-7569", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7569" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-7569" } ] }, { "id": "dba2d1a70261b72255972fc07b63d4f0033edecf567c4521d499b3c6cfe577be", "category": "container_scanning", "message": "CVE-2018-7570 in binutils", "description": "The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy.", "cve": "debian:9:binutils:CVE-2018-7570", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-7570", "value": "CVE-2018-7570", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7570" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-7570" } ] }, { "id": "fef4bc7ca5aec70ed0222042b81c9b2c318e5361ffe48fb4f0f28c1f4a2c797c", "category": "container_scanning", 
"message": "CVE-2018-7642 in binutils", "description": "The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.", "cve": "debian:9:binutils:CVE-2018-7642", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-7642", "value": "CVE-2018-7642", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7642" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-7642" } ] }, { "id": "b3319a345db5fff80191743e191a64feeb66602d4dd50b258d972abd04ca8e1a", "category": "container_scanning", "message": "CVE-2018-7643 in binutils", "description": "The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.", "cve": "debian:9:binutils:CVE-2018-7643", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "binutils" }, "version": "2.28-5" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-7643", "value": "CVE-2018-7643", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7643" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-7643" } ] }, { "id": "78d31c4d4186265aea72b000e4287e7df366717d26d43bffb99d1d3c988c6f93", "category": 
"container_scanning", "message": "CVE-2019-12900 in bzip2", "description": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.", "cve": "debian:9:bzip2:CVE-2019-12900", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "bzip2" }, "version": "1.0.6-8.1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-12900", "value": "CVE-2019-12900", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-12900" } ] }, { "id": "cdccf06a1e595e9065fec0a3f19274907495589cc7fc39fdc898f1e18cac28c0", "category": "container_scanning", "message": "CVE-2019-8905 in file", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "cve": "debian:9:file:CVE-2019-8905", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "file" }, "version": "1:5.30-1+deb9u3" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-8905", "value": "CVE-2019-8905", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8905" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-8905" } ] }, { "id": "52a30d35e9aff494d262151e46cf5e0704cfbd341e01182e86f6d76169a84844", "category": "container_scanning", "message": "CVE-2019-8907 in file", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.", "cve": 
"debian:9:file:CVE-2019-8907", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "file" }, "version": "1:5.30-1+deb9u3" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-8907", "value": "CVE-2019-8907", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8907" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-8907" } ] }, { "id": "0cbb079d9f58dbe8d7b75c48bcdccad04976196279a81f1d8e8b8fa100dfd618", "category": "container_scanning", "message": "CVE-2018-12886 in gcc-6", "description": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.", "cve": "debian:9:gcc-6:CVE-2018-12886", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "gcc-6" }, "version": "6.3.0-18+deb9u1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-12886", "value": "CVE-2018-12886", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12886" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-12886" } ] }, { "id": "25ea183b52ab3be8fec9164c3b14242122a7e22af78289273c7cc94de7207147", "category": "container_scanning", "message": "CVE-2009-5155 in glibc", "description": "In the GNU C Library (aka glibc or libc6) before 2.28, 
parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.", "cve": "debian:9:glibc:CVE-2009-5155", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2009-5155", "value": "CVE-2009-5155", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2009-5155" } ] }, { "id": "7ca34b417ad03e717def819bb0b0e67e64a69a5aec0481ef12b7a2ed040efbfc", "category": "container_scanning", "message": "CVE-2016-10739 in glibc", "description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.", "cve": "debian:9:glibc:CVE-2016-10739", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2016-10739", "value": "CVE-2016-10739", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2016-10739" } ] }, { "id": "4f198791c86f65fe38940a9e64d304e78d19da143cd27be113cac8ba194a2459", "category": "container_scanning", 
"message": "CVE-2017-12132 in glibc", "description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.", "cve": "debian:9:glibc:CVE-2017-12132", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-12132", "value": "CVE-2017-12132", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-12132" } ] }, { "id": "935f2eaa55631c8b3b8a33439acdbfef0f5a72bdf722da71e483797bb65156ea", "category": "container_scanning", "message": "CVE-2018-1000001 in glibc", "description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.", "cve": "debian:9:glibc:CVE-2018-1000001", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-1000001", "value": "CVE-2018-1000001", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-1000001" } ] }, { "id": "56210b2630ae0ca02176f69e5b7f37cf0d7f8347cb9f002be1ffb3ffe9876ea9", "category": "container_scanning", "message": "CVE-2018-6485 in glibc", "description": "An integer overflow in the 
implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.", "cve": "debian:9:glibc:CVE-2018-6485", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-6485", "value": "CVE-2018-6485", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6485" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-6485" } ] }, { "id": "e9d48ccabbc405b1257d23f940dad22fc87ced047f4f79a0727fec68d8d6df41", "category": "container_scanning", "message": "CVE-2018-6551 in glibc", "description": "The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.", "cve": "debian:9:glibc:CVE-2018-6551", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-6551", "value": "CVE-2018-6551", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6551" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-6551" } ] }, { "id": "87b1853668dd5a239f1e958678316eece974c2b19193a7efb55877eed18c9af9", "category": "container_scanning", "message": "CVE-2019-19126 in glibc", 
"description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.", "cve": "debian:9:glibc:CVE-2019-19126", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19126", "value": "CVE-2019-19126", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19126" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19126" } ] }, { "id": "fad0edf000f08925230d491fd551343f0a9277f9d8b8ac74c05a70a6a03d62f4", "category": "container_scanning", "message": "CVE-2019-9169 in glibc", "description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.", "cve": "debian:9:glibc:CVE-2019-9169", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-9169", "value": "CVE-2019-9169", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-9169" } ] }, { "id": "61393e83abd12cdce856b1ef20a2b188dc8ac07fe5054839a0c19af71d5ed0a6", "category": "container_scanning", "message": "CVE-2020-10029 in glibc", "description": "The GNU C Library (aka 
glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.", "cve": "debian:9:glibc:CVE-2020-10029", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-10029", "value": "CVE-2020-10029", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10029" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-10029" } ] }, { "id": "7d743ec6e8fbcb593c2b5834a75881a87e199908dc2d5818fba194004034996c", "category": "container_scanning", "message": "CVE-2020-1751 in glibc", "description": "An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. 
The highest threat from this vulnerability is to system availability.", "cve": "debian:9:glibc:CVE-2020-1751", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-1751", "value": "CVE-2020-1751", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1751" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-1751" } ] }, { "id": "fe908bf0b46185cf18f2ed0f1460a79934226b508613bc38c0965b4857406e5d", "category": "container_scanning", "message": "CVE-2020-1752 in glibc", "description": "A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. 
This was fixed in version 2.32.", "cve": "debian:9:glibc:CVE-2020-1752", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "glibc" }, "version": "2.24-11+deb9u4" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-1752", "value": "CVE-2020-1752", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1752" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-1752" } ] }, { "id": "1030f6a3feee70b69b88bff96b80f568af499a55d2133ebf349da4cf342c4473", "category": "container_scanning", "message": "CVE-2019-12904 in libgcrypt20", "description": "In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)", "cve": "debian:9:libgcrypt20:CVE-2019-12904", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "libgcrypt20" }, "version": "1.7.6-2+deb9u3" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-12904", "value": "CVE-2019-12904", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-12904" } ] }, { "id": "c4c51350038f6a523b465cec4f81e0fb0b38635c2b1398a9987574b671ef2d99", "category": "container_scanning", "message": "CVE-2019-13627 in libgcrypt20", "description": "It was discovered that there was an ECDSA timing attack in the libgcrypt20 cryptographic library. Versions affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. 
Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.", "cve": "debian:9:libgcrypt20:CVE-2019-13627", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "libgcrypt20" }, "version": "1.7.6-2+deb9u3" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-13627", "value": "CVE-2019-13627", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-13627" } ] }, { "id": "aba1453b5d9ee369d2c2edbf6dedf7ea035f7689f971590d0a444317937dbaf5", "category": "container_scanning", "message": "CVE-2013-7445 in linux", "description": "The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.", "cve": "debian:9:linux:CVE-2013-7445", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2013-7445", "value": "CVE-2013-7445", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7445" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2013-7445" } ] }, { "id": "ee274343eb5af250ea35e5319026c0942867e8ecf3c83e8df957127b4202a23f", "category": "container_scanning", "message": "CVE-2017-0630 in linux", "description": "An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious 
application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115.", "cve": "debian:9:linux:CVE-2017-0630", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-0630", "value": "CVE-2017-0630", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0630" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-0630" } ] }, { "id": "72c7a583402d01220c0d8c358dfae095ffbb8d396fcc99e68c4e5f2485d3c0ef", "category": "container_scanning", "message": "CVE-2017-18232 in linux", "description": "The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.", "cve": "debian:9:linux:CVE-2017-18232", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-18232", "value": "CVE-2017-18232", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18232" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-18232" } ] }, { "id": "b87b6fdc03583cc9954a78385a32eb3c8215290ce87bc4c6ae17acd5167f7434", "category": "container_scanning", "message": "CVE-2018-10322 in linux", "description": "The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 
allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.", "cve": "debian:9:linux:CVE-2018-10322", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-10322", "value": "CVE-2018-10322", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10322" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-10322" } ] }, { "id": "bb91616647a8257dedff55bc2a13be001bcecdaedd83a076c94aeba7119bc3fe", "category": "container_scanning", "message": "CVE-2018-1108 in linux", "description": "kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.", "cve": "debian:9:linux:CVE-2018-1108", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-1108", "value": "CVE-2018-1108", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1108" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-1108" } ] }, { "id": "187d206602d98bdebed8c64d06cb5037b621bc66d8edae348af9d4db2adfb2ba", "category": "container_scanning", "message": "CVE-2018-12929 in linux", "description": "ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops 
or panic) via a crafted ntfs filesystem.", "cve": "debian:9:linux:CVE-2018-12929", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-12929", "value": "CVE-2018-12929", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12929" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-12929" } ] }, { "id": "e69beefba7dd5b16001f1ba73bd3ba737a98d6184e3a9af62c675b811f5744ea", "category": "container_scanning", "message": "CVE-2018-12930 in linux", "description": "ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.", "cve": "debian:9:linux:CVE-2018-12930", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-12930", "value": "CVE-2018-12930", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12930" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-12930" } ] }, { "id": "f225816a11ab143363093d73c01f49a5b3954b31386d03020003810dfef662d1", "category": "container_scanning", "message": "CVE-2018-12931 in linux", "description": "ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via 
a crafted ntfs filesystem.", "cve": "debian:9:linux:CVE-2018-12931", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-12931", "value": "CVE-2018-12931", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12931" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-12931" } ] }, { "id": "a3ac778784ce5330ee72b9aca11cb19261821027d19445bacc3bb4cf01967c4a", "category": "container_scanning", "message": "CVE-2018-13095 in linux", "description": "An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork.", "cve": "debian:9:linux:CVE-2018-13095", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-13095", "value": "CVE-2018-13095", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13095" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-13095" } ] }, { "id": "39fe8bcb59081cab13f89714472bf3efd971987191f4d63bbe4df6a301a6a85d", "category": "container_scanning", "message": "CVE-2018-17977 in linux", "description": "The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access 
to execute crafted applications, as demonstrated on CentOS 7.", "cve": "debian:9:linux:CVE-2018-17977", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-17977", "value": "CVE-2018-17977", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17977" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-17977" } ] }, { "id": "3fa3ce671d7fa15d500ce8ef25ae1041d06b9ffd5fb3ce504781ff0dc6f7178c", "category": "container_scanning", "message": "CVE-2018-20449 in linux", "description": "The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading \"callback=\" lines in a debugfs file.", "cve": "debian:9:linux:CVE-2018-20449", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-20449", "value": "CVE-2018-20449", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20449" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-20449" } ] }, { "id": "7bd0fa6a31a51c9e0affa37a6c9057bdad0588a551f7a58cc6829f1c4b659398", "category": "container_scanning", "message": "CVE-2018-3693 in linux", "description": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.", "cve": "debian:9:linux:CVE-2018-3693", "severity": 
"Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-3693", "value": "CVE-2018-3693", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3693" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-3693" } ] }, { "id": "705e75de8fe0fbf6b613266f9c38ff13eca7d169ff230d6e9c2b936e100f617e", "category": "container_scanning", "message": "CVE-2018-7273 in linux", "description": "In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR.", "cve": "debian:9:linux:CVE-2018-7273", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-7273", "value": "CVE-2018-7273", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7273" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-7273" } ] }, { "id": "38e77eba8e7cc408f470f5f398e239327b94568de32422708104b0c69b1aff93", "category": "container_scanning", "message": "CVE-2018-7754 in linux", "description": "The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading \"ffree: \" lines in a debugfs file.", "cve": "debian:9:linux:CVE-2018-7754", 
"severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-7754", "value": "CVE-2018-7754", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7754" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-7754" } ] }, { "id": "942959009cd46a7b4a88b6d802824b4554c7e5861b73438bdc80727a68ca6021", "category": "container_scanning", "message": "CVE-2019-0145 in linux", "description": "Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.", "cve": "debian:9:linux:CVE-2019-0145", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-0145", "value": "CVE-2019-0145", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0145" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-0145" } ] }, { "id": "0c560a58da7c2f67fa0d6bd066f9e3bdbedfd969e94e5f0b320a97d94c60d78b", "category": "container_scanning", "message": "CVE-2019-0146 in linux", "description": "Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access.", "cve": "debian:9:linux:CVE-2019-0146", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" 
}, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-0146", "value": "CVE-2019-0146", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0146" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-0146" } ] }, { "id": "4e88507c65144a77fab3fcd26931347b354fa84f16a8e561a4b1db6a3c3b8a76", "category": "container_scanning", "message": "CVE-2019-0147 in linux", "description": "Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.", "cve": "debian:9:linux:CVE-2019-0147", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-0147", "value": "CVE-2019-0147", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0147" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-0147" } ] }, { "id": "81db342d554449fd7a86509585021618cd9945b7713ce5935609673e3bd4cc5b", "category": "container_scanning", "message": "CVE-2019-0148 in linux", "description": "Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.", "cve": "debian:9:linux:CVE-2019-0148", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-0148", "value": "CVE-2019-0148", 
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0148" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-0148" } ] }, { "id": "c60a1e8859ff95a8d97c7e53e27d8fc2118e14f086a47a55749e651af2b6ff01", "category": "container_scanning", "message": "CVE-2019-0149 in linux", "description": "Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access.", "cve": "debian:9:linux:CVE-2019-0149", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-0149", "value": "CVE-2019-0149", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0149" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-0149" } ] }, { "id": "35a12b7efeae960bb051b77c74df4bcefaa97b655bd70e124ca76c43e1a4dff1", "category": "container_scanning", "message": "CVE-2019-12984 in linux", "description": "A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_target() in net/nfc/netlink.c in the Linux kernel before 5.1.13 can be triggered by a malicious user-mode program that omits certain NFC attributes, leading to denial of service.", "cve": "debian:9:linux:CVE-2019-12984", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-12984", "value": "CVE-2019-12984", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12984" } ], "links": [ { "url": 
"https://security-tracker.debian.org/tracker/CVE-2019-12984" } ] }, { "id": "71b7592e8044cb6d7552bd3269a688f7ea57a9699a34ad152acf5a9663013bd9", "category": "container_scanning", "message": "CVE-2019-19036 in linux", "description": "btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root-\u003enode) can be zero.", "cve": "debian:9:linux:CVE-2019-19036", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19036", "value": "CVE-2019-19036", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19036" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19036" } ] }, { "id": "c12d82916bd7b4a2c7c5c25751da93ea107ab747abe863382c5a7b5d82783185", "category": "container_scanning", "message": "CVE-2019-19039 in linux", "description": "** DISPUTED ** __btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. NOTE: The BTRFS development team disputes this issues as not being a vulnerability because “1) The kernel provide facilities to restrict access to dmesg - dmesg_restrict=1 sysctl option. So it's really up to the system administrator to judge whether dmesg access shall be disallowed or not. 2) WARN/WARN_ON are widely used macros in the linux kernel. 
If this CVE is considered valid this would mean there are literally thousands CVE lurking in the kernel - something which clearly is not the case.”", "cve": "debian:9:linux:CVE-2019-19039", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19039", "value": "CVE-2019-19039", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19039" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19039" } ] }, { "id": "3629cf4419d77e6a626b1099aca6805c7ad9e6196486aeaa71ff8d89c8bbf542", "category": "container_scanning", "message": "CVE-2019-19073 in linux", "description": "Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. 
This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10.", "cve": "debian:9:linux:CVE-2019-19073", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19073", "value": "CVE-2019-19073", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19073" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19073" } ] }, { "id": "08479c7ba912a6ff29aed1a6ebfb8953da9a3f588a612a0ca5ee6fb90089b9c2", "category": "container_scanning", "message": "CVE-2019-19074 in linux", "description": "A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.", "cve": "debian:9:linux:CVE-2019-19074", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19074", "value": "CVE-2019-19074", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19074" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19074" } ] }, { "id": "d92a8f6d06f17e121b044e52fde4d8a8cd72ad3b1b323f69eecbed280902681b", "category": "container_scanning", "message": "CVE-2019-19318 in linux", "description": "In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) 
rwsem_owner_flags returns an already freed pointer.", "cve": "debian:9:linux:CVE-2019-19318", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19318", "value": "CVE-2019-19318", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19318" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19318" } ] }, { "id": "5dec28db99d5852d54d8169e66a4b1658f2c692f2cf93f1b19a6b0d826791292", "category": "container_scanning", "message": "CVE-2019-19377 in linux", "description": "In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.", "cve": "debian:9:linux:CVE-2019-19377", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19377", "value": "CVE-2019-19377", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19377" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19377" } ] }, { "id": "07c228d8dc065fc8b5882234629b3e6992aed2a4ee903e763d5b8becffc1ff09", "category": "container_scanning", "message": "CVE-2019-19378 in linux", "description": "In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.", "cve": "debian:9:linux:CVE-2019-19378", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { 
"dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19378", "value": "CVE-2019-19378", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19378" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19378" } ] }, { "id": "f6a3ccb7164dbcf0bfcc741769eddd71941f9ff2bbac0e451cd238351ae06755", "category": "container_scanning", "message": "CVE-2019-19448 in linux", "description": "In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.", "cve": "debian:9:linux:CVE-2019-19448", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19448", "value": "CVE-2019-19448", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19448" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19448" } ] }, { "id": "6b79bb320a2e7103978a41b9cc9304b9f0b44fafb75481e1e0ba07eb6fe72102", "category": "container_scanning", "message": "CVE-2019-19449 in linux", "description": "In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated).", "cve": "debian:9:linux:CVE-2019-19449", "severity": "Unknown", "confidence": 
"Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19449", "value": "CVE-2019-19449", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19449" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19449" } ] }, { "id": "77fced60897ba326acf9f94abf98d352be2c65ff3b4a09bed66b96ea3415d506", "category": "container_scanning", "message": "CVE-2019-19813 in linux", "description": "In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.", "cve": "debian:9:linux:CVE-2019-19813", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19813", "value": "CVE-2019-19813", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19813" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19813" } ] }, { "id": "0642ef7d3ac3f38c87ca0e7e5c42e0f92e7c64c28e09a0f4e0d22d9871da21e2", "category": "container_scanning", "message": "CVE-2019-19814 in linux", "description": "In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.", "cve": 
"debian:9:linux:CVE-2019-19814", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19814", "value": "CVE-2019-19814", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19814" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19814" } ] }, { "id": "fdf94ff8f8a103eebe2170079ce4b5dce282898e5508887427ef09465d730dec", "category": "container_scanning", "message": "CVE-2019-19815 in linux", "description": "In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fs_recover_fsync_data in fs/f2fs/recovery.c. This is related to F2FS_P_SB in fs/f2fs/f2fs.h.", "cve": "debian:9:linux:CVE-2019-19815", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19815", "value": "CVE-2019-19815", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19815" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19815" } ] }, { "id": "f641e0c525ff3452ff7f4be03cc9af7e893f0ec7c65179d964340522a9c03bb2", "category": "container_scanning", "message": "CVE-2019-19816 in linux", "description": "In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.", "cve": "debian:9:linux:CVE-2019-19816", "severity": "Unknown", "confidence": "Unknown", "scanner": { 
"id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-19816", "value": "CVE-2019-19816", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19816" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-19816" } ] }, { "id": "7e0081b836c3d8148e34dfd0b1cd63c38ace17ad47c4670225478378dcd3e61a", "category": "container_scanning", "message": "CVE-2019-20794 in linux", "description": "An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace's pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion.", "cve": "debian:9:linux:CVE-2019-20794", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-20794", "value": "CVE-2019-20794", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20794" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-20794" } ] }, { "id": "60911fb9adb3a129e203a49cad50a8b26a2cc2842bf96e1d0e4f3ce2ce5972c8", "category": "container_scanning", "message": "CVE-2019-20908 in linux", "description": "An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. 
Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032.", "cve": "debian:9:linux:CVE-2019-20908", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-20908", "value": "CVE-2019-20908", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20908" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-20908" } ] }, { "id": "23a83aaf11467b7534cff9c64f8df6709b71416d82cc8534116fbb36a676d1a3", "category": "container_scanning", "message": "CVE-2019-2213 in linux", "description": "In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-133758011. References: Upstream kernel", "cve": "debian:9:linux:CVE-2019-2213", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-2213", "value": "CVE-2019-2213", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2213" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-2213" } ] }, { "id": "0b95efa90ae12af5fba4834c9fc18dda7ceca751a8bbe627d93e1d20799cf1b5", "category": "container_scanning", "message": "CVE-2019-3874 in linux", "description": "The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.", "cve": "debian:9:linux:CVE-2019-3874", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-3874", "value": "CVE-2019-3874", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3874" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-3874" } ] }, { "id": "c865970d43539820349d939428430706369bfc5ae242fd71a8f5fd9e34dda7a4", "category": "container_scanning", "message": "CVE-2019-9245 in linux", "description": "In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. 
This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.", "cve": "debian:9:linux:CVE-2019-9245", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-9245", "value": "CVE-2019-9245", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9245" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-9245" } ] }, { "id": "3027ad8be0b57279b1a210f9cadb85e2d1bf16111a4e3707868eb369529357cd", "category": "container_scanning", "message": "CVE-2019-9444 in linux", "description": "In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.", "cve": "debian:9:linux:CVE-2019-9444", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-9444", "value": "CVE-2019-9444", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9444" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-9444" } ] }, { "id": "88444774755d1504a26e85434224e84a0e73d3bb3a150947f88db3a0816ec486", "category": "container_scanning", "message": "CVE-2019-9445 in linux", "description": "In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. 
This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.", "cve": "debian:9:linux:CVE-2019-9445", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-9445", "value": "CVE-2019-9445", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9445" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-9445" } ] }, { "id": "e09ff9d0bee48432f7b1c08dd72c280f2b7834f7a64258dbbc9f80f6a350134c", "category": "container_scanning", "message": "CVE-2019-9453 in linux", "description": "In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.", "cve": "debian:9:linux:CVE-2019-9453", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-9453", "value": "CVE-2019-9453", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9453" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-9453" } ] }, { "id": "496a25219f19412ce525634b62db785cee1852f93fbe507fd89dd4888f0f9ac1", "category": "container_scanning", "message": "CVE-2020-0030 in linux", "description": "In binder_thread_release of binder.c, there is a possible use after free due to a race condition. 
This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-145286050. References: Upstream kernel", "cve": "debian:9:linux:CVE-2020-0030", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-0030", "value": "CVE-2020-0030", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0030" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-0030" } ] }, { "id": "c233a4ad43eec2d4dd29db414fd34f8d27fabbc273f98c482f28e0dd92bfe585", "category": "container_scanning", "message": "CVE-2020-0067 in linux", "description": "In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation. Product: Android. Versions: Android kernel. 
Android ID: A-120551147.", "cve": "debian:9:linux:CVE-2020-0067", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-0067", "value": "CVE-2020-0067", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0067" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-0067" } ] }, { "id": "0c502d89516f947b05b9e97efa962c4a0c55e07fdbf66d248f281bc78d53381b", "category": "container_scanning", "message": "CVE-2020-0427 in linux", "description": "In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-140550171", "cve": "debian:9:linux:CVE-2020-0427", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-0427", "value": "CVE-2020-0427", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0427" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-0427" } ] }, { "id": "d66489c910ff0752821732f84096f99d0e4698deda943c1d8552e242382e47b9", "category": "container_scanning", "message": "CVE-2020-11725 in linux", "description": "** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info-\u003eowner line, which later affects a private_size*count multiplication for unspecified \"interesting side effects.\" NOTE: 
kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info-\u003eowner field to represent data unrelated to the \"owner\" concept. The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info-\u003eowner field in a safe way.", "cve": "debian:9:linux:CVE-2020-11725", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-11725", "value": "CVE-2020-11725", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11725" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-11725" } ] }, { "id": "5efba81d308e922f61495eb22a0cf9b9b1b48f2b66ecceb5e2c914b9d4728036", "category": "container_scanning", "message": "CVE-2020-12655 in linux", "description": "An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. 
Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767.", "cve": "debian:9:linux:CVE-2020-12655", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-12655", "value": "CVE-2020-12655", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12655" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-12655" } ] }, { "id": "6bbc067511dca34a43fed138490d9df6aaa7a38c393a764fb3e315ca5c1ce8af", "category": "container_scanning", "message": "CVE-2020-12771 in linux", "description": "An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.", "cve": "debian:9:linux:CVE-2020-12771", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-12771", "value": "CVE-2020-12771", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12771" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-12771" } ] }, { "id": "ada758a50763a34fc86f0d32c90ac8315825ebb779d550645c9d2837cee018aa", "category": "container_scanning", "message": "CVE-2020-12888 in linux", "description": "The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.", "cve": "debian:9:linux:CVE-2020-12888", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { 
"package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-12888", "value": "CVE-2020-12888", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12888" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-12888" } ] }, { "id": "8037c14af978a3782deeebb04d5644b7ee4b9fba3b7dd6bcb3d22339490fa2cf", "category": "container_scanning", "message": "CVE-2020-14304 in linux", "description": "A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.", "cve": "debian:9:linux:CVE-2020-14304", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-14304", "value": "CVE-2020-14304", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14304" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-14304" } ] }, { "id": "85d9fce3fdda7bc2d9622e2b0f645a74753d3d4cd730021a0bc2386fbcd2f499", "category": "container_scanning", "message": "CVE-2020-14305 in linux", "description": "linux:4.9.228-1 is affected by CVE-2020-14305", "cve": "debian:9:linux:CVE-2020-14305", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-14305", "value": 
"CVE-2020-14305", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14305" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-14305" } ] }, { "id": "969ebae969785d4978cf1cebc509994f7842b720162380d6d76a96939d177682", "category": "container_scanning", "message": "CVE-2020-14314 in linux", "description": "A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.", "cve": "debian:9:linux:CVE-2020-14314", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-14314", "value": "CVE-2020-14314", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14314" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-14314" } ] }, { "id": "af44cf0e55270ef49cb44bc1ca54afea2e9477741c128e6d50f236777592cacb", "category": "container_scanning", "message": "CVE-2020-14351 in linux", "description": "linux:4.9.228-1 is affected by CVE-2020-14351", "cve": "debian:9:linux:CVE-2020-14351", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-14351", "value": "CVE-2020-14351", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14351" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-14351" } ] }, { "id": 
"dc1176c84e5e88183af62a85c70506fc189c870beca898567d2512f2e193b3e8", "category": "container_scanning", "message": "CVE-2020-14356 in linux", "description": "A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.", "cve": "debian:9:linux:CVE-2020-14356", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-14356", "value": "CVE-2020-14356", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14356" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-14356" } ] }, { "id": "a65c22924bd01347d8a268658ffbaf167ab19329c31fc8eb3c385e6725293b5c", "category": "container_scanning", "message": "CVE-2020-14386 in linux", "description": "A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. 
The highest threat from this vulnerability is to data confidentiality and integrity.", "cve": "debian:9:linux:CVE-2020-14386", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-14386", "value": "CVE-2020-14386", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14386" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-14386" } ] }, { "id": "7172fef0646a098b8a47b1be61f848140041ba526bdd73ecc19950eb0ac723ea", "category": "container_scanning", "message": "CVE-2020-14390 in linux", "description": "A flaw was found in the Linux kernel in versions from 2.2.3 through 5.9.rc5. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. 
The highest threat from this vulnerability is to system availability.", "cve": "debian:9:linux:CVE-2020-14390", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-14390", "value": "CVE-2020-14390", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14390" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-14390" } ] }, { "id": "3dbe4055bff65d43cd7968cc076c3e5d5ae073acbf06aea818995cda5fef57a9", "category": "container_scanning", "message": "CVE-2020-15393 in linux", "description": "In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.", "cve": "debian:9:linux:CVE-2020-15393", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-15393", "value": "CVE-2020-15393", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15393" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-15393" } ] }, { "id": "b71959e2d69f7e4b766a2776fbc021a46734b05909e8213d96ebfe27408b22a2", "category": "container_scanning", "message": "CVE-2020-15780 in linux", "description": "An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. 
Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.", "cve": "debian:9:linux:CVE-2020-15780", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-15780", "value": "CVE-2020-15780", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15780" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-15780" } ] }, { "id": "f636d35b4b932da817c1feb32cbb62048c93f105d8cf70b37ba14a0b4cd05205", "category": "container_scanning", "message": "CVE-2020-15802 in linux", "description": "Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less.", "cve": "debian:9:linux:CVE-2020-15802", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-15802", "value": "CVE-2020-15802", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15802" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-15802" } ] }, { "id": "f536efbca0d9757ef87dd025cfa048e3d9a8317a8e51a5536bf1757cff6885b9", "category": 
"container_scanning", "message": "CVE-2020-16166 in linux", "description": "The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.", "cve": "debian:9:linux:CVE-2020-16166", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-16166", "value": "CVE-2020-16166", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16166" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-16166" } ] }, { "id": "f8229cb31e886b44260376aa27e1594e3cdfb2b792ca79655621e0b1d37a7e14", "category": "container_scanning", "message": "CVE-2020-25211 in linux", "description": "In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.", "cve": "debian:9:linux:CVE-2020-25211", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-25211", "value": "CVE-2020-25211", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25211" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-25211" } ] }, { "id": "c7af825be91485cae8634c95441172b296543edbb9fb475da90c43b4bda13dfd", "category": 
"container_scanning", "message": "CVE-2020-25212 in linux", "description": "A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.", "cve": "debian:9:linux:CVE-2020-25212", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-25212", "value": "CVE-2020-25212", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25212" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-25212" } ] }, { "id": "bbedee0bf7209a41b457b859d06d822dd1fc6d782ddde7052041263630ab8c44", "category": "container_scanning", "message": "CVE-2020-25284 in linux", "description": "The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.", "cve": "debian:9:linux:CVE-2020-25284", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-25284", "value": "CVE-2020-25284", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25284" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-25284" } ] }, { "id": "822d27a7214dd3864c032bf5aa2e5c403365cbb58c6a42ad3633a795d83a3695", "category": "container_scanning", "message": 
"CVE-2020-25285 in linux", "description": "A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.", "cve": "debian:9:linux:CVE-2020-25285", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-25285", "value": "CVE-2020-25285", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25285" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-25285" } ] }, { "id": "982678f77eed387b96317c8cd10ae8073ebee4cf5071bce5a77821ee7abd8aaf", "category": "container_scanning", "message": "CVE-2020-25639 in linux", "description": "linux:4.9.228-1 is affected by CVE-2020-25639", "cve": "debian:9:linux:CVE-2020-25639", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-25639", "value": "CVE-2020-25639", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25639" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-25639" } ] }, { "id": "99b3d72a411f1302c22cd3716ea2d594d305b1556c8edbf0560c5a04655619be", "category": "container_scanning", "message": "CVE-2020-25641 in linux", "description": "linux:4.9.228-1 is affected by CVE-2020-25641", "cve": "debian:9:linux:CVE-2020-25641", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { 
"package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-25641", "value": "CVE-2020-25641", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25641" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-25641" } ] }, { "id": "144b0e694cec093346755a2e7ee8cd040c3252554dbff2e771a7d39ad948ffed", "category": "container_scanning", "message": "CVE-2020-26088 in linux", "description": "A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.", "cve": "debian:9:linux:CVE-2020-26088", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "linux" }, "version": "4.9.228-1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-26088", "value": "CVE-2020-26088", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26088" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-26088" } ] }, { "id": "8e201110141637d3edb0281431b7fcde6b61283c7039ff7609e1672976a29aad", "category": "container_scanning", "message": "CVE-2020-14155 in pcre3", "description": "libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.", "cve": "debian:9:pcre3:CVE-2020-14155", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "pcre3" }, "version": "2:8.39-3" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-14155", "value": "CVE-2020-14155", "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-14155" } ] }, { "id": "b41c821276747e9a9b3acc247517b192acc4e05318bcac6e51ec7ceb36d53054", "category": "container_scanning", "message": "CVE-2020-26116 in python3.5", "description": "python3.5:3.5.3-1+deb9u2 is affected by CVE-2020-26116", "cve": "debian:9:python3.5:CVE-2020-26116", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "python3.5" }, "version": "3.5.3-1+deb9u2" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-26116", "value": "CVE-2020-26116", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26116" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-26116" } ] }, { "id": "3c9e9ea4fc3a683104789b990ce3496478fa2c1f0e5415de4b9308a3b882a20d", "category": "container_scanning", "message": "CVE-2017-12424 in shadow", "description": "In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. 
This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.", "cve": "debian:9:shadow:CVE-2017-12424", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "shadow" }, "version": "1:4.4-4.1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2017-12424", "value": "CVE-2017-12424", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12424" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2017-12424" } ] }, { "id": "a2c82b9dbf7cee4fe50bd03a0ead3621763130490f2542aa2ff7017d011c888f", "category": "container_scanning", "message": "CVE-2019-8457 in sqlite3", "description": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.", "cve": "debian:9:sqlite3:CVE-2019-8457", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "sqlite3" }, "version": "3.16.2-5+deb9u2" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-8457", "value": "CVE-2019-8457", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-8457" } ] }, { "id": "cbc8f3d8f13d7c675fe69fbdc4682dd6ed5ba87a5ffb42e9ba9500178d029180", "category": "container_scanning", "message": "CVE-2019-3843 in systemd", "description": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.", "cve": "debian:9:systemd:CVE-2019-3843", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "systemd" }, "version": "232-25+deb9u12" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-3843", "value": "CVE-2019-3843", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-3843" } ] }, { "id": "23cf73fba3b0a5456f71af554dc08f1159b56771276e0f8712816f623bc9e253", "category": "container_scanning", "message": "CVE-2019-3844 in systemd", "description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.", "cve": "debian:9:systemd:CVE-2019-3844", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "systemd" }, "version": "232-25+deb9u12" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2019-3844", "value": "CVE-2019-3844", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2019-3844" } ] }, { "id": "d7b1fe106e37158bb417174941b06f0ab2d39a101944eb7886f1f580705c1034", "category": "container_scanning", "message": "CVE-2020-1712 in systemd", "description": "A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. 
A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.", "cve": "debian:9:systemd:CVE-2020-1712", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "systemd" }, "version": "232-25+deb9u12" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2020-1712", "value": "CVE-2020-1712", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2020-1712" } ] }, { "id": "7ea76620ac806c3c24cb7df9c77a0e408b6b6ce78898e39266634e576b999bc0", "category": "container_scanning", "message": "CVE-2018-20482 in tar", "description": "GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).", "cve": "debian:9:tar:CVE-2018-20482", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "tar" }, "version": "1.29b-1.1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2018-20482", "value": "CVE-2018-20482", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20482" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2018-20482" } ] }, { "id": "229b74c90ea3657dff83b19e3d226089204cf5903e063fbe162106518a521e6b", "category": "container_scanning", "message": "CVE-2016-2779 in util-linux", "description": "runuser in util-linux allows local users to 
escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", "cve": "debian:9:util-linux:CVE-2016-2779", "severity": "Unknown", "confidence": "Unknown", "scanner": { "id": "klar", "name": "klar" }, "location": { "dependency": { "package": { "name": "util-linux" }, "version": "2.29.2-1+deb9u1" }, "operating_system": "debian:9", "image": "registry.devops:5000/devops/webapp:prod" }, "identifiers": [ { "type": "cve", "name": "CVE-2016-2779", "value": "CVE-2016-2779", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779" } ], "links": [ { "url": "https://security-tracker.debian.org/tracker/CVE-2016-2779" } ] } ], "remediations": [], "scan": { "scanner": { "id": "clair", "name": "Clair", "url": "https://github.com/coreos/clair", "vendor": { "name": "GitLab" }, "version": "2.1.4" }, "type": "container_scanning", "start_time": "2020-09-28T03:32:47", "end_time": "2020-09-28T03:33:25", "status": "success" } }