Package Search Help

You can use boolean logic (e.g. AND/OR/NOT) for complex search queries. For more help and examples, see the search documentation.

Search by package name:
my-package (implicit)
name:my-package (explicit)

Search by package filename:
my-package.ext (implicit)
filename:my-package.ext (explicit)

Search by package tag:
latest (implicit)
tag:latest (explicit)

Search by package version:
1.0.0 (implicit)
version:1.0.0 (explicit)
prerelease:true (prereleases)
prerelease:false (no prereleases)

Search by package architecture:
architecture:x86_64 

Search by package distribution:
distribution:el 

Search by package license:
license:MIT 

Search by package format:
format:deb 

Search by package status:
status:in_progress 

Search by package file checksum:
checksum:5afba 

Search by package security status:
severity:critical 

Search by package vulnerabilities:
vulnerabilities:>1 
vulnerabilities:<1000 

Search by # of package downloads:
downloads:>8 
downloads:<100 

Search by package type:
type:binary 
type:source 

Search by package size (bytes):
size:>50000 
size:<10000 

Search by dependency name/version:
dependency:log4j 
dependency:log4j=1.0.0 
dependency:log4j>1.0.0 

Search by uploaded date:
uploaded:>"1 day ago" 
uploaded:<"August 14, 2022 EST" 

Search by entitlement token (identifier):
entitlement:3lKPVJPosCsY 

Search by policy violation:
policy_violated:true
deny_policy_violated:true
license_policy_violated:true
vulnerability_policy_violated:true

Search by repository:
repository:repo-name

Search queries for all Debian-specific (and related) package types

Search by component:
deb_component:unstable

Search queries for all Maven-specific (and related) package types

Search by group ID:
maven_group_id:org.apache

Search queries for all Docker-specific (and related) package types

Search by image digest:
docker_image_digest:sha256:7c5..6d4
(full hashref only)

Search by layer digest:
docker_layer_digest:sha256:4c4..ae4
(full hashref only)

Field type modifiers (depending on the type, you can influence behaviour)

For all queries, you can use:
~foo for negation

For string queries, you can use:
^foo to anchor to start of term
foo$ to anchor to end of term
foo*bar for fuzzy matching

For number/date or version queries, you can use:
>foo for values greater than
>=foo for values greater / equal
<foo for values less than
<=foo for values less / equal

Need a secure and centralised artifact repository to deliver Alpine, Cargo, CocoaPods, Composer, Conan, Conda, CRAN, Dart, Debian, Docker, Go, Helm, Hex, LuaRocks, Maven, npm, NuGet, P2, Python, RedHat, Ruby, Swift, Terraform, Vagrant, Raw & More packages?

Cloudsmith is the new standard in Package / Artifact Management and Software Distribution.

With support for all major package formats, you can trust us to manage your software supply chain.

Start My Free Trial
Set Me Up
 Public cloudsmith cloudsmith (Cloudsmith) / challenges-pub
A certifiably-awesome public package repository curated by Cloudsmith, hosted by Cloudsmith.
Packages 2 Package Groups 2 Public Keys

Docker logo node  c6ad96c5345c1a714e0052d08d8…

Download

One-liner (summary)

A certifiably-awesome package curated by Lee Skillen, hosted by Cloudsmith.

Description

A certifiably-awesome package curated by Lee Skillen, hosted by Cloudsmith.

License

Unknown

Size

51.7 MB

Downloads

10

Tags

image amd64 linux 12-buster-slim latest

Status  Completed
GPG Signature
Download
Storage Region  Dublin, Ireland
Type  Binary (contains binaries and binary artifacts)
Uploaded At 3 years, 5 months ago
Uploaded By lskillen
Slug Id node-79z
Unique Id GvJa9SIhBaeN
Version (Raw) c6ad96c5345c1a714e0052d08d83635c8e422ea0d103adc7f9f2df4fcfb7fe2d
Version (Parsed)
  • Type: Unknown
  docker-specific metadata
Image Digest sha256:c6ad96c5345c1a714e0052d08d83635c8e422ea0d103adc7f9f2df4fcfb7fe2d
Config Digest sha256:87addae5aecfd61b8dcc273d38ec0305b583ed4c30609ea3381dfc5d97aa6396
V1 OCI Index Digest sha256:630e7a4024ff535a6d5b725a0efb70bd1c9a4b268be259292eb6008b6689b74c
V1 Distribution (Signed) Digest sha256:ce88ac7bf3e7519aaf31edc57778ed746c3b3fa60b6cca6293b8a82325dc4c8e
V1 OCI Digest sha256:30a56ba07d8dd2609f18aa73c2c4b012f512106afad453c1946ccc4104cd5017
V2 Distribution List Digest sha256:4eae233915322a2aec6bb42fd8e9e94ee2780c96981d49fc63574a8b8f154ddc
V2 Distribution Digest sha256:c6ad96c5345c1a714e0052d08d83635c8e422ea0d103adc7f9f2df4fcfb7fe2d
V1 Distribution Digest sha256:e39f935c6f2f441dac5ce3007576b65a4c6d23737fb9b369052d12d2d004a865
  extended metadata
Architecture amd64
Config
Attach Stderr
Attach Stdin
Attach Stdout
Cmd
node
Entrypoint
docker-entrypoint.sh
Env
NODE_VERSION=12.20.0 | PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin | YARN_VERSION=1.22.5
Image
sha256:8a0ff36f7966b4de8c2bb9a629492801ffa59ce04b644f163a48284150480a7f
Open Stdin
Stdin Once
Tty
Container c6bbf64f15c71b7b4c8dff32f978ed0a84678e558f76e8a66a33c2e722a188f7
Container Config
Attach Stderr
Attach Stdin
Attach Stdout
Cmd
/bin/sh -c #(nop) CMD ["node"]
Entrypoint
docker-entrypoint.sh
Env
NODE_VERSION=12.20.0 | PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin | YARN_VERSION=1.22.5
Hostname
c6bbf64f15c7
Image
sha256:8a0ff36f7966b4de8c2bb9a629492801ffa59ce04b644f163a48284150480a7f
Open Stdin
Stdin Once
Tty
Created 2020-11-25 00:39:20 UTC
Docker Version 19.03.12
Os linux

This package was uploaded with the following V2 Distribution manifest: 

{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   "config": {
      "mediaType": "application/vnd.docker.container.image.v1+json",
      "size": 7090,
      "digest": "sha256:8acd37496dc14059849c3b0d678b8e5c1ec494517e506440bab5114b507f318a"
   },
   "layers": [
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 27105484,
         "digest": "sha256:852e50cd189dfeb54d97680d9fa6bed21a6d7d18cfb56d6abfe2de9d7f173795"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 4157,
         "digest": "sha256:4feb33c38b25af20750293d327ff996cabcfdc353b5e82b34f0ef0bd8d73f331"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 24374846,
         "digest": "sha256:6aacc458d6942970ad1d1b73e8036ea8378bb46846f57b76d4b2c17c913b0e96"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 2758107,
         "digest": "sha256:2055b416f95b531b402637e95a64aa611d1e5782fa2a156895805ec9f47607b8"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 283,
         "digest": "sha256:45b5e630f43d1491337214fcc5de9c8acc9a04bc550a699445b1a0b42bb343fe"
      }
   ]
}
Digest: sha256:852e50cd189dfeb54d97680d9fa6bed21a6d7d18cfb56d6abfe2de9d7f173795
Command: /bin/sh -c #(nop) ADD file:d2abb0e4e7ac1773741f51f57d3a0b8ffc7907348842d773f8c341ba17f856d5 in /
25.8 MB
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) CMD ["bash"]
 32 bytes
Digest: sha256:4feb33c38b25af20750293d327ff996cabcfdc353b5e82b34f0ef0bd8d73f331
Command: /bin/sh -c groupadd --gid 1000 node && useradd --uid 1000 --gid node --shell /bin/bash --create-home node
 4.1 KB
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ENV NODE_VERSION=12.20.0
 32 bytes
Digest: sha256:6aacc458d6942970ad1d1b73e8036ea8378bb46846f57b76d4b2c17c913b0e96
Command: /bin/sh -c ARCH= && dpkgArch="$(dpkg --print-architecture)" && case "${dpkgArch##*-}" in amd64) ARCH='x64';; ppc64el) ARCH='ppc64le';; s390x) ARCH='s390x';; arm64) ARCH='arm64';; armhf) ARCH='armv7l';; i386) ARCH='x86';; *) echo "unsupported architecture"; exit 1 ;; esac && set -ex && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends && rm -rf /var/lib/apt/lists/* && for key in 4ED778F539E3634C779C87C6D7062848A1AB005C 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 1C050899334244A8AF75E53792EF661D867B9DFA 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C DD8F2338BAE7501E3DD5AC78C273792F7D83545D A48C2BEE680E841632CD4E44F07496B3EB3C1762 108F52B48DB57BB0CC439B2997B01419BD92F80A B9E2F5981AA6E0CD28160D9FF13993A75599653C ; do gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; done && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt && apt-mark auto '.*' > /dev/null && find /usr/local -type f -executable -exec ldd '{}' ';' | awk '/=>/ { print $(NF-1) }' | sort -u | xargs -r dpkg-query --search | cut -d: -f1 | sort -u | xargs -r apt-mark manual && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false && ln -s /usr/local/bin/node /usr/local/bin/nodejs && node --version && npm --version
 23.2 MB
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ENV YARN_VERSION=1.22.5
 32 bytes
Digest: sha256:2055b416f95b531b402637e95a64aa611d1e5782fa2a156895805ec9f47607b8
Command: /bin/sh -c set -ex && savedAptMark="$(apt-mark showmanual)" && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends && rm -rf /var/lib/apt/lists/* && for key in 6A010C5166006599AA17F08146C2130DFD2497F5 ; do gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; done && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz && mkdir -p /opt && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz && apt-mark auto '.*' > /dev/null && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } && find /usr/local -type f -executable -exec ldd '{}' ';' | awk '/=>/ { print $(NF-1) }' | sort -u | xargs -r dpkg-query --search | cut -d: -f1 | sort -u | xargs -r apt-mark manual && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false && yarn --version
 2.6 MB
Digest: sha256:45b5e630f43d1491337214fcc5de9c8acc9a04bc550a699445b1a0b42bb343fe
Command: /bin/sh -c #(nop) COPY file:238737301d47304174e4d24f4def935b29b3069c03c72ae8de97d94624382fce in /usr/local/bin/
283 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ENTRYPOINT ["docker-entrypoint.sh"]
 32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) CMD ["node"]
 32 bytes
Docker logo
node
 c6ad96c5345c1a714e0052d08d83635c8e422ea…
image amd64 linux 12-buster-slim latest
51.7 MB 3 years, 5 months ago
10 lskillen
Only packages within the same repository are displayed. The current package you're viewing is highlighted.

Last scanned

3 years, 5 months ago

Scan result

Vulnerable

Vulnerability count

85

Max. severity

High
Target: /oci (debian 10.6)
HIGH

CVE-2018-12886: gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass

stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.

Package Name: gcc-8-base
Installed Version: 8.3.0-6
Fixed Version:

References: gcc.gnu.org www.gnu.org
HIGH

CVE-2019-15847: gcc: POWER9 "DARN" RNG intrinsic produces repeated output

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.

Package Name: gcc-8-base
Installed Version: 8.3.0-6
Fixed Version:

References: lists.opensuse.org lists.opensuse.org lists.opensuse.org gcc.gnu.org linux.oracle.com linux.oracle.com
HIGH

CVE-2020-1751: glibc: array overflow in backtrace functions for powerpc

An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.

Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:

References: bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.gentoo.org security.netapp.com sourceware.org usn.ubuntu.com usn.ubuntu.com
HIGH

CVE-2020-1752: glibc: use-after-free in glob() function when expanding ~user

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.

Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:

References: bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.netapp.com sourceware.org sourceware.org usn.ubuntu.com usn.ubuntu.com
HIGH

CVE-2020-1751: glibc: array overflow in backtrace functions for powerpc

An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.

Package Name: libc6
Installed Version: 2.28-10
Fixed Version:

References: bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.gentoo.org security.netapp.com sourceware.org usn.ubuntu.com usn.ubuntu.com
HIGH

CVE-2020-1752: glibc: use-after-free in glob() function when expanding ~user

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.

Package Name: libc6
Installed Version: 2.28-10
Fixed Version:

References: bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.netapp.com sourceware.org sourceware.org usn.ubuntu.com usn.ubuntu.com
HIGH

CVE-2018-12886: gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass

stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.

Package Name: libgcc1
Installed Version: 8.3.0-6
Fixed Version:

References: gcc.gnu.org www.gnu.org
HIGH

CVE-2019-15847: gcc: POWER9 "DARN" RNG intrinsic produces repeated output

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.

Package Name: libgcc1
Installed Version: 8.3.0-6
Fixed Version:

References: lists.opensuse.org lists.opensuse.org lists.opensuse.org gcc.gnu.org linux.oracle.com linux.oracle.com
HIGH

CVE-2020-24659: gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.

Package Name: libgnutls30
Installed Version: 3.6.7-4+deb10u5
Fixed Version:

References: lists.opensuse.org lists.opensuse.org cve.mitre.org gitlab.com lists.fedoraproject.org lists.fedoraproject.org security.gentoo.org security.netapp.com usn.ubuntu.com usn.ubuntu.com www.gnutls.org
HIGH

CVE-2019-12290

GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.

Package Name: libidn2-0
Installed Version: 2.0.5-1+deb10u1
Fixed Version:

References: lists.opensuse.org lists.opensuse.org cve.mitre.org gitlab.com gitlab.com gitlab.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org security.gentoo.org usn.ubuntu.com usn.ubuntu.com
HIGH

CVE-2018-12886: gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass

stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.

Package Name: libstdc++6
Installed Version: 8.3.0-6
Fixed Version:

References: gcc.gnu.org www.gnu.org
HIGH

CVE-2019-15847: gcc: POWER9 "DARN" RNG intrinsic produces repeated output

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.

Package Name: libstdc++6
Installed Version: 8.3.0-6
Fixed Version:

References: lists.opensuse.org lists.opensuse.org lists.opensuse.org gcc.gnu.org linux.oracle.com linux.oracle.com
HIGH

CVE-2019-3843: systemd: services with DynamicUser can create SUID/SGID binaries

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.

Package Name: libsystemd0
Installed Version: 241-7~deb10u4
Fixed Version:

References: www.securityfocus.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org security.netapp.com usn.ubuntu.com usn.ubuntu.com
HIGH

CVE-2019-3844: systemd: services with DynamicUser can get new privileges and create SGID binaries

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.

Package Name: libsystemd0
Installed Version: 241-7~deb10u4
Fixed Version:

References: www.securityfocus.com bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.netapp.com usn.ubuntu.com usn.ubuntu.com
HIGH

CVE-2019-3843: systemd: services with DynamicUser can create SUID/SGID binaries

It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.

Package Name: libudev1
Installed Version: 241-7~deb10u4
Fixed Version:

References: www.securityfocus.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org security.netapp.com usn.ubuntu.com usn.ubuntu.com
HIGH

CVE-2019-3844: systemd: services with DynamicUser can get new privileges and create SGID binaries

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.

Package Name: libudev1
Installed Version: 241-7~deb10u4
Fixed Version:

References: www.securityfocus.com bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.netapp.com usn.ubuntu.com usn.ubuntu.com
MEDIUM

CVE-2020-10029: glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.

Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:

References: lists.opensuse.org cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org security.gentoo.org security.netapp.com sourceware.org sourceware.org usn.ubuntu.com usn.ubuntu.com
MEDIUM

CVE-2020-27618: glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop

No description is available for this CVE.

Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:

References: sourceware.org
MEDIUM

CVE-2020-10029: glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.

Package Name: libc6
Installed Version: 2.28-10
Fixed Version:

References: lists.opensuse.org cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org security.gentoo.org security.netapp.com sourceware.org sourceware.org usn.ubuntu.com usn.ubuntu.com
MEDIUM

CVE-2020-27618: glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop

No description is available for this CVE.

Package Name: libc6
Installed Version: 2.28-10
Fixed Version:

References: sourceware.org
MEDIUM

CVE-2019-12904: Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)

Package Name: libgcrypt20
Installed Version: 1.8.4-5
Fixed Version:

References: lists.opensuse.org cve.mitre.org dev.gnupg.org github.com github.com people.canonical.com
MEDIUM

CVE-2019-13627: libgcrypt: ECDSA timing attack allowing private key leak

It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.

Package Name: libgcrypt20
Installed Version: 1.8.4-5
Fixed Version:

References: lists.opensuse.org lists.opensuse.org www.openwall.com cve.mitre.org dev.gnupg.org github.com linux.oracle.com linux.oracle.com lists.debian.org lists.debian.org minerva.crocs.fi.muni.cz security-tracker.debian.org security.gentoo.org usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com
MEDIUM

CVE-2020-14155: pcre: integer overflow in libpcre

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

Package Name: libpcre3
Installed Version: 2:8.39-12
Fixed Version:

References: about.gitlab.com bugs.gentoo.org cve.mitre.org support.apple.com www.pcre.org
LOW

CVE-2011-3374

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.

Package Name: apt
Installed Version: 1.8.2.1
Fixed Version:

References: access.redhat.com bugs.debian.org people.canonical.com security-tracker.debian.org snyk.io
LOW

CVE-2019-18276: bash: when effective UID is not equal to its real UID the saved UID is not dropped

An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.

Package Name: bash
Installed Version: 5.0-4
Fixed Version:

References: packetstormsecurity.com cve.mitre.org github.com security.netapp.com www.youtube.com
LOW

TEMP-0841856-B18BAF



Package Name: bash
Installed Version: 5.0-4
Fixed Version:

References:
LOW

CVE-2016-2781: coreutils: Non-privileged session can escape to the parent session in chroot

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

Package Name: coreutils
Installed Version: 8.30-3
Fixed Version:

References: seclists.org www.openwall.com www.openwall.com cve.mitre.org lore.kernel.org
LOW

CVE-2017-18018: coreutils: race condition vulnerability in chown and chgrp

In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.

Package Name: coreutils
Installed Version: 8.30-3
Fixed Version:

References: lists.gnu.org
LOW

CVE-2019-14855: gnupg2: OpenPGP Key Certification Forgeries with SHA-1

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

Package Name: gpgv
Installed Version: 2.2.12-1+deb10u1
Fixed Version:

References: bugzilla.redhat.com cve.mitre.org dev.gnupg.org eprint.iacr.org lists.gnupg.org rwc.iacr.org usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2011-3374

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.

Package Name: libapt-pkg5.0
Installed Version: 1.8.2.1
Fixed Version:

References: access.redhat.com bugs.debian.org people.canonical.com security-tracker.debian.org snyk.io
LOW

CVE-2010-4051: CVE-2010-4052 glibc: De-recursivise regular expression engine

The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."

Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:

References: cxib.net seclists.org secunia.com securityreason.com securityreason.com securitytracker.com www.exploit-db.com www.kb.cert.org www.securityfocus.com www.securityfocus.com bugzilla.redhat.com
LOW

CVE-2010-4052: CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine

Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.

Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:

References: cxib.net seclists.org secunia.com securityreason.com securityreason.com securitytracker.com www.exploit-db.com www.kb.cert.org www.securityfocus.com www.securityfocus.com bugzilla.redhat.com
LOW

CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions

The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.

Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:

References: cxib.net securityreason.com securityreason.com
LOW

CVE-2016-10228: glibc: iconv program can hang when invoked with the -c option

The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.

Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:

References: openwall.com www.securityfocus.com cve.mitre.org sourceware.org sourceware.org sourceware.org
LOW

CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.

Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:

References: www.securityfocus.com debbugs.gnu.org lists.gnu.org security.netapp.com support.f5.com
LOW

CVE-2019-1010022: glibc: stack guard protection bypass

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:

References: security-tracker.debian.org sourceware.org ubuntu.com
LOW

CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation

** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:

References: www.securityfocus.com security-tracker.debian.org sourceware.org support.f5.com ubuntu.com
LOW

CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:

References: www.securityfocus.com security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com
LOW

CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."

Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:

References: security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com
LOW

CVE-2019-19126: glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries

On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.

Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:

References: cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org sourceware.org sourceware.org usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.

Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:

References: sourceware.org support.f5.com
LOW

CVE-2020-6096: glibc: signed comparison vulnerability in the ARMv7 memcpy function

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.

Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:

References: cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org sourceware.org sourceware.org talosintelligence.com www.talosintelligence.com
LOW

CVE-2010-4051: CVE-2010-4052 glibc: De-recursivise regular expression engine

The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."

Package Name: libc6
Installed Version: 2.28-10
Fixed Version:

References: cxib.net seclists.org secunia.com securityreason.com securityreason.com securitytracker.com www.exploit-db.com www.kb.cert.org www.securityfocus.com www.securityfocus.com bugzilla.redhat.com
LOW

CVE-2010-4052: CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine

Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.

Package Name: libc6
Installed Version: 2.28-10
Fixed Version:

References: cxib.net seclists.org secunia.com securityreason.com securityreason.com securitytracker.com www.exploit-db.com www.kb.cert.org www.securityfocus.com www.securityfocus.com bugzilla.redhat.com
LOW

CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions

The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.

Package Name: libc6
Installed Version: 2.28-10
Fixed Version:

References: cxib.net securityreason.com securityreason.com
LOW

CVE-2016-10228: glibc: iconv program can hang when invoked with the -c option

The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.

Package Name: libc6
Installed Version: 2.28-10
Fixed Version:

References: openwall.com www.securityfocus.com cve.mitre.org sourceware.org sourceware.org sourceware.org
LOW

CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.

Package Name: libc6
Installed Version: 2.28-10
Fixed Version:

References: www.securityfocus.com debbugs.gnu.org lists.gnu.org security.netapp.com support.f5.com
LOW

CVE-2019-1010022: glibc: stack guard protection bypass

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

Package Name: libc6
Installed Version: 2.28-10
Fixed Version:

References: security-tracker.debian.org sourceware.org ubuntu.com
LOW

CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation

** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

Package Name: libc6
Installed Version: 2.28-10
Fixed Version:

References: www.securityfocus.com security-tracker.debian.org sourceware.org support.f5.com ubuntu.com
LOW

CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

Package Name: libc6
Installed Version: 2.28-10
Fixed Version:

References: www.securityfocus.com security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com
LOW

CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."

Package Name: libc6
Installed Version: 2.28-10
Fixed Version:

References: security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com
LOW

CVE-2019-19126: glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries

On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.

Package Name: libc6
Installed Version: 2.28-10
Fixed Version:

References: cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org sourceware.org sourceware.org usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.

Package Name: libc6
Installed Version: 2.28-10
Fixed Version:

References: sourceware.org support.f5.com
LOW

CVE-2020-6096: glibc: signed comparison vulnerability in the ARMv7 memcpy function

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.

Package Name: libc6
Installed Version: 2.28-10
Fixed Version:

References: cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org sourceware.org sourceware.org talosintelligence.com www.talosintelligence.com
LOW

CVE-2018-6829: libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

Package Name: libgcrypt20
Installed Version: 1.8.4-5
Fixed Version:

References: github.com github.com lists.gnupg.org www.oracle.com
LOW

CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

Package Name: libgnutls30
Installed Version: 3.6.7-4+deb10u5
Fixed Version:

References: arcticdog.wordpress.com blog.mozilla.com blogs.technet.com blogs.technet.com curl.haxx.se downloads.asterisk.org ekoparty.org eprint.iacr.org eprint.iacr.org googlechromereleases.blogspot.com isc.sans.edu lists.apple.com lists.apple.com lists.apple.com lists.apple.com lists.apple.com lists.apple.com lists.apple.com lists.opensuse.org lists.opensuse.org lists.opensuse.org lists.opensuse.org marc.info marc.info marc.info marc.info marc.info marc.info my.opera.com osvdb.org rhn.redhat.com rhn.redhat.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com security.gentoo.org security.gentoo.org support.apple.com support.apple.com support.apple.com support.apple.com support.apple.com support.apple.com technet.microsoft.com vnhacker.blogspot.com www.apcmedia.com www.debian.org www.educatedguesswork.org www.ibm.com www.imperialviolet.org www.insecure.cl www.kb.cert.org www.mandriva.com www.opera.com www.opera.com www.opera.com www.opera.com www.opera.com www.opera.com www.opera.com www.oracle.com www.oracle.com www.oracle.com www.redhat.com www.redhat.com www.securityfocus.com www.securityfocus.com www.securitytracker.com www.securitytracker.com www.securitytracker.com www.securitytracker.com www.ubuntu.com www.us-cert.gov blogs.oracle.com bugzilla.novell.com bugzilla.redhat.com cert-portal.siemens.com cve.mitre.org docs.microsoft.com h20564.www2.hp.com hermes.opensuse.org hermes.opensuse.org ics-cert.us-cert.gov linux.oracle.com linux.oracle.com oval.cisecurity.org usn.ubuntu.com
LOW

CVE-2019-17543: lz4: heap-based buffer overflow in LZ4_write32

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."

Package Name: liblz4-1
Installed Version: 1.8.3-1
Fixed Version:

References: lists.opensuse.org lists.opensuse.org bugs.chromium.org cve.mitre.org github.com github.com github.com github.com lists.apache.org lists.apache.org lists.apache.org lists.apache.org lists.apache.org lists.apache.org lists.apache.org lists.apache.org lists.apache.org www.oracle.com
LOW

CVE-2017-11164: pcre: OP_KETRMAX feature in the match function in pcre_exec.c

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

Package Name: libpcre3
Installed Version: 2:8.39-12
Fixed Version:

References: openwall.com www.securityfocus.com cve.mitre.org
LOW

CVE-2017-16231: pcre: self-recursive call in match() in pcre_exec.c leads to denial of service

** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.

Package Name: libpcre3
Installed Version: 2:8.39-12
Fixed Version:

References: packetstormsecurity.com seclists.org www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.securityfocus.com bugs.exim.org
LOW

CVE-2017-7245: pcre: stack-based buffer overflow write in pcre32_copy_substring

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.

Package Name: libpcre3
Installed Version: 2:8.39-12
Fixed Version:

References: www.securityfocus.com access.redhat.com blogs.gentoo.org security.gentoo.org
LOW

CVE-2017-7246: pcre: stack-based buffer overflow write in pcre32_copy_substring

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.

Package Name: libpcre3
Installed Version: 2:8.39-12
Fixed Version:

References: www.securityfocus.com access.redhat.com blogs.gentoo.org security.gentoo.org
LOW

CVE-2019-20838: pcre: buffer over-read in JIT when UTF is disabled

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

Package Name: libpcre3
Installed Version: 2:8.39-12
Fixed Version:

References: bugs.gentoo.org cve.mitre.org support.apple.com www.pcre.org
LOW

CVE-2019-9893: libseccomp: incorrect generation of syscall filters in libseccomp

libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.

Package Name: libseccomp2
Installed Version: 2.3.3-4
Fixed Version:

References: lists.opensuse.org lists.opensuse.org www.paul-moore.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com seclists.org security.gentoo.org usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com www.openwall.com
LOW

CVE-2013-4392: systemd: TOCTOU race condition when updating file permissions and SELinux security contexts

systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.

Package Name: libsystemd0
Installed Version: 241-7~deb10u4
Fixed Version:

References: bugs.debian.org www.openwall.com bugzilla.redhat.com
LOW

CVE-2019-20386: systemd: memory leak in button_open() in login/logind-button.c when udev events are received

An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.

Package Name: libsystemd0
Installed Version: 241-7~deb10u4
Fixed Version:

References: lists.opensuse.org cve.mitre.org github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org security.netapp.com usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2020-13776: systemd: mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits

systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.

Package Name: libsystemd0
Installed Version: 241-7~deb10u4
Fixed Version:

References: github.com lists.fedoraproject.org security.netapp.com
LOW

CVE-2018-1000654: libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.

Package Name: libtasn1-6
Installed Version: 4.13-3
Fixed Version:

References: lists.opensuse.org lists.opensuse.org www.securityfocus.com cve.mitre.org gitlab.com
LOW

CVE-2013-4392: systemd: TOCTOU race condition when updating file permissions and SELinux security contexts

systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.

Package Name: libudev1
Installed Version: 241-7~deb10u4
Fixed Version:

References: bugs.debian.org www.openwall.com bugzilla.redhat.com
LOW

CVE-2019-20386: systemd: memory leak in button_open() in login/logind-button.c when udev events are received

An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.

Package Name: libudev1
Installed Version: 241-7~deb10u4
Fixed Version:

References: lists.opensuse.org cve.mitre.org github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org security.netapp.com usn.ubuntu.com usn.ubuntu.com
LOW

CVE-2020-13776: systemd: mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits

systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.

Package Name: libudev1
Installed Version: 241-7~deb10u4
Fixed Version:

References: github.com lists.fedoraproject.org security.netapp.com
LOW

CVE-2007-5686

initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.

Package Name: login
Installed Version: 1:4.5-1.1
Fixed Version:

References: secunia.com www.securityfocus.com www.securityfocus.com www.securityfocus.com www.vupen.com issues.rpath.com
LOW

CVE-2013-4235: shadow-utils: TOCTOU race conditions by copying and removing directory trees

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Package Name: login
Installed Version: 1:4.5-1.1
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org security-tracker.debian.org
LOW

CVE-2018-7169: shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation

An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.

Package Name: login
Installed Version: 1:4.5-1.1
Fixed Version:

References: bugs.launchpad.net cve.mitre.org github.com security.gentoo.org
LOW

CVE-2019-19882: shadow-utils: local users can obtain root access because setuid programs are misconfigured

shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).

Package Name: login
Installed Version: 1:4.5-1.1
Fixed Version:

References: bugs.archlinux.org bugs.gentoo.org github.com github.com github.com security.gentoo.org
LOW

TEMP-0628843-DBAD28



Package Name: login
Installed Version: 1:4.5-1.1
Fixed Version:

References:
LOW

CVE-2007-5686

initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.

Package Name: passwd
Installed Version: 1:4.5-1.1
Fixed Version:

References: secunia.com www.securityfocus.com www.securityfocus.com www.securityfocus.com www.vupen.com issues.rpath.com
LOW

CVE-2013-4235: shadow-utils: TOCTOU race conditions by copying and removing directory trees

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Package Name: passwd
Installed Version: 1:4.5-1.1
Fixed Version:

References: access.redhat.com bugzilla.redhat.com cve.mitre.org security-tracker.debian.org
LOW

CVE-2018-7169: shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation

An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.

Package Name: passwd
Installed Version: 1:4.5-1.1
Fixed Version:

References: bugs.launchpad.net cve.mitre.org github.com security.gentoo.org
LOW

CVE-2019-19882: shadow-utils: local users can obtain root access because setuid programs are misconfigured

shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).

Package Name: passwd
Installed Version: 1:4.5-1.1
Fixed Version:

References: bugs.archlinux.org bugs.gentoo.org github.com github.com github.com security.gentoo.org
LOW

TEMP-0628843-DBAD28



Package Name: passwd
Installed Version: 1:4.5-1.1
Fixed Version:

References:
LOW

CVE-2011-4116: perl: File::Temp insecure temporary file handling

_is_safe in the File::Temp module for Perl does not properly handle symlinks.

Package Name: perl-base
Installed Version: 5.28.1-6+deb10u1
Fixed Version:

References: www.openwall.com www.openwall.com github.com rt.cpan.org seclists.org
LOW

TEMP-0517018-A83CE6



Package Name: sysvinit-utils
Installed Version: 2.93-8
Fixed Version:

References:
LOW

CVE-2005-2541

Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.

Package Name: tar
Installed Version: 1.30+dfsg-6
Fixed Version:

References: marc.info
LOW

CVE-2019-9923: tar: null-pointer dereference in pax_decode_header in sparse.c

pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.

Package Name: tar
Installed Version: 1.30+dfsg-6
Fixed Version:

References: git.savannah.gnu.org lists.opensuse.org savannah.gnu.org bugs.launchpad.net cve.mitre.org
LOW

TEMP-0290435-0B57B5



Package Name: tar
Installed Version: 1.30+dfsg-6
Fixed Version:

References:
Loading...

These instructions assume you have setup the repository first (or read it).

To pull node @ reference/tag latest: 

docker pull docker.cloudsmith.io/cloudsmith/challenges-pub/node:latest

To refer to this image after pulling in a Dockerfile, specify the following: 

FROM docker.cloudsmith.io/cloudsmith/challenges-pub/node:latest

Note: You should replace latest with an alternative reference to pull, such as: 12-buster-slim.

Still stuck? Need help? Don't panic. Just contact us for help (even if you're not a customer).
Previous Version
Next Version
Top