node c6ad96c5345c1a714e0052d08d8…
One-liner (summary)
Description
This package was uploaded with the following V2 Distribution manifest:
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
  "config": {
    "mediaType": "application/vnd.docker.container.image.v1+json",
    "size": 7090,
    "digest": "sha256:8acd37496dc14059849c3b0d678b8e5c1ec494517e506440bab5114b507f318a"
  },
  "layers": [
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 27105484,
      "digest": "sha256:852e50cd189dfeb54d97680d9fa6bed21a6d7d18cfb56d6abfe2de9d7f173795"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 4157,
      "digest": "sha256:4feb33c38b25af20750293d327ff996cabcfdc353b5e82b34f0ef0bd8d73f331"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 24374846,
      "digest": "sha256:6aacc458d6942970ad1d1b73e8036ea8378bb46846f57b76d4b2c17c913b0e96"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 2758107,
      "digest": "sha256:2055b416f95b531b402637e95a64aa611d1e5782fa2a156895805ec9f47607b8"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 283,
      "digest": "sha256:45b5e630f43d1491337214fcc5de9c8acc9a04bc550a699445b1a0b42bb343fe"
    }
  ]
}
Digest: sha256:852e50cd189dfeb54d97680d9fa6bed21a6d7d18cfb56d6abfe2de9d7f173795
Command: /bin/sh -c #(nop) ADD file:d2abb0e4e7ac1773741f51f57d3a0b8ffc7907348842d773f8c341ba17f856d5 in /
Size: 25.8 MB

Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) CMD ["bash"]
Size: 32 bytes

Digest: sha256:4feb33c38b25af20750293d327ff996cabcfdc353b5e82b34f0ef0bd8d73f331
Command: /bin/sh -c groupadd --gid 1000 node && useradd --uid 1000 --gid node --shell /bin/bash --create-home node
Size: 4.1 KB

Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ENV NODE_VERSION=12.20.0
Size: 32 bytes

Digest: sha256:6aacc458d6942970ad1d1b73e8036ea8378bb46846f57b76d4b2c17c913b0e96
Command: /bin/sh -c ARCH= && dpkgArch="$(dpkg --print-architecture)" && case "${dpkgArch##*-}" in amd64) ARCH='x64';; ppc64el) ARCH='ppc64le';; s390x) ARCH='s390x';; arm64) ARCH='arm64';; armhf) ARCH='armv7l';; i386) ARCH='x86';; *) echo "unsupported architecture"; exit 1 ;; esac && set -ex && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends && rm -rf /var/lib/apt/lists/* && for key in 4ED778F539E3634C779C87C6D7062848A1AB005C 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 1C050899334244A8AF75E53792EF661D867B9DFA 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C DD8F2338BAE7501E3DD5AC78C273792F7D83545D A48C2BEE680E841632CD4E44F07496B3EB3C1762 108F52B48DB57BB0CC439B2997B01419BD92F80A B9E2F5981AA6E0CD28160D9FF13993A75599653C ; do gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; done && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt && apt-mark auto '.*' > /dev/null && find /usr/local -type f -executable -exec ldd '{}' ';' | awk '/=>/ { print $(NF-1) }' | sort -u | xargs -r dpkg-query --search | cut -d: -f1 | sort -u | xargs -r apt-mark manual && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false && ln -s /usr/local/bin/node /usr/local/bin/nodejs && node --version && npm --version
Size: 23.2 MB

Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ENV YARN_VERSION=1.22.5
Size: 32 bytes

Digest: sha256:2055b416f95b531b402637e95a64aa611d1e5782fa2a156895805ec9f47607b8
Command: /bin/sh -c set -ex && savedAptMark="$(apt-mark showmanual)" && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends && rm -rf /var/lib/apt/lists/* && for key in 6A010C5166006599AA17F08146C2130DFD2497F5 ; do gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; done && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz && mkdir -p /opt && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz && apt-mark auto '.*' > /dev/null && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } && find /usr/local -type f -executable -exec ldd '{}' ';' | awk '/=>/ { print $(NF-1) }' | sort -u | xargs -r dpkg-query --search | cut -d: -f1 | sort -u | xargs -r apt-mark manual && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false && yarn --version
Size: 2.6 MB

Digest: sha256:45b5e630f43d1491337214fcc5de9c8acc9a04bc550a699445b1a0b42bb343fe
Command: /bin/sh -c #(nop) COPY file:238737301d47304174e4d24f4def935b29b3069c03c72ae8de97d94624382fce in /usr/local/bin/
Size: 283 bytes

Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ENTRYPOINT ["docker-entrypoint.sh"]
Size: 32 bytes

Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) CMD ["node"]
Size: 32 bytes

node |
10 |
Last scanned: 3 years, 5 months ago
Scan result: Vulnerable
Vulnerability count: 85
Max. severity: High
Target: /oci (debian 10.6)

HIGH
CVE-2018-12886: gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
Package Name: gcc-8-base
Installed Version: 8.3.0-6
Fixed Version:
References: gcc.gnu.org www.gnu.org

HIGH
CVE-2019-15847: gcc: POWER9 "DARN" RNG intrinsic produces repeated output
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
Package Name: gcc-8-base
Installed Version: 8.3.0-6
Fixed Version:
References: lists.opensuse.org lists.opensuse.org lists.opensuse.org gcc.gnu.org linux.oracle.com linux.oracle.com

HIGH
CVE-2020-1751: glibc: array overflow in backtrace functions for powerpc
An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.
Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:
References: bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.gentoo.org security.netapp.com sourceware.org usn.ubuntu.com usn.ubuntu.com

HIGH
CVE-2020-1752: glibc: use-after-free in glob() function when expanding ~user
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.
Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:
References: bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.netapp.com sourceware.org sourceware.org usn.ubuntu.com usn.ubuntu.com

HIGH
CVE-2020-1751: glibc: array overflow in backtrace functions for powerpc
An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.
Package Name: libc6
Installed Version: 2.28-10
Fixed Version:
References: bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.gentoo.org security.netapp.com sourceware.org usn.ubuntu.com usn.ubuntu.com

HIGH
CVE-2020-1752: glibc: use-after-free in glob() function when expanding ~user
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.
Package Name: libc6
Installed Version: 2.28-10
Fixed Version:
References: bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.netapp.com sourceware.org sourceware.org usn.ubuntu.com usn.ubuntu.com

HIGH
CVE-2018-12886: gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
Package Name: libgcc1
Installed Version: 8.3.0-6
Fixed Version:
References: gcc.gnu.org www.gnu.org

HIGH
CVE-2019-15847: gcc: POWER9 "DARN" RNG intrinsic produces repeated output
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
Package Name: libgcc1
Installed Version: 8.3.0-6
Fixed Version:
References: lists.opensuse.org lists.opensuse.org lists.opensuse.org gcc.gnu.org linux.oracle.com linux.oracle.com

HIGH
CVE-2020-24659: gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.
Package Name: libgnutls30
Installed Version: 3.6.7-4+deb10u5
Fixed Version:
References: lists.opensuse.org lists.opensuse.org cve.mitre.org gitlab.com lists.fedoraproject.org lists.fedoraproject.org security.gentoo.org security.netapp.com usn.ubuntu.com usn.ubuntu.com www.gnutls.org

HIGH
CVE-2019-12290
GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.
Package Name: libidn2-0
Installed Version: 2.0.5-1+deb10u1
Fixed Version:
References: lists.opensuse.org lists.opensuse.org cve.mitre.org gitlab.com gitlab.com gitlab.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org security.gentoo.org usn.ubuntu.com usn.ubuntu.com

HIGH
CVE-2018-12886: gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow protection bypass
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
Package Name: libstdc++6
Installed Version: 8.3.0-6
Fixed Version:
References: gcc.gnu.org www.gnu.org

HIGH
CVE-2019-15847: gcc: POWER9 "DARN" RNG intrinsic produces repeated output
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
Package Name: libstdc++6
Installed Version: 8.3.0-6
Fixed Version:
References: lists.opensuse.org lists.opensuse.org lists.opensuse.org gcc.gnu.org linux.oracle.com linux.oracle.com

HIGH
CVE-2019-3843: systemd: services with DynamicUser can create SUID/SGID binaries
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.
Package Name: libsystemd0
Installed Version: 241-7~deb10u4
Fixed Version:
References: www.securityfocus.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org security.netapp.com usn.ubuntu.com usn.ubuntu.com

HIGH
CVE-2019-3844: systemd: services with DynamicUser can get new privileges and create SGID binaries
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.
Package Name: libsystemd0
Installed Version: 241-7~deb10u4
Fixed Version:
References: www.securityfocus.com bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.netapp.com usn.ubuntu.com usn.ubuntu.com

HIGH
CVE-2019-3843: systemd: services with DynamicUser can create SUID/SGID binaries
It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.
Package Name: libudev1
Installed Version: 241-7~deb10u4
Fixed Version:
References: www.securityfocus.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org security.netapp.com usn.ubuntu.com usn.ubuntu.com

HIGH
CVE-2019-3844: systemd: services with DynamicUser can get new privileges and create SGID binaries
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.
Package Name: libudev1
Installed Version: 241-7~deb10u4
Fixed Version:
References: www.securityfocus.com bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.netapp.com usn.ubuntu.com usn.ubuntu.com

MEDIUM
CVE-2020-10029: glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.
Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:
References: lists.opensuse.org cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org security.gentoo.org security.netapp.com sourceware.org sourceware.org usn.ubuntu.com usn.ubuntu.com

MEDIUM
CVE-2020-27618: glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop
No description is available for this CVE.
Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:
References: sourceware.org

MEDIUM
CVE-2020-10029: glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.
Package Name: libc6
Installed Version: 2.28-10
Fixed Version:
References: lists.opensuse.org cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org security.gentoo.org security.netapp.com sourceware.org sourceware.org usn.ubuntu.com usn.ubuntu.com

MEDIUM
CVE-2020-27618: glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop
No description is available for this CVE.
Package Name: libc6
Installed Version: 2.28-10
Fixed Version:
References: sourceware.org

MEDIUM
CVE-2019-12904: Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.)
Package Name: libgcrypt20
Installed Version: 1.8.4-5
Fixed Version:
References: lists.opensuse.org cve.mitre.org dev.gnupg.org github.com github.com people.canonical.com

MEDIUM
CVE-2019-13627: libgcrypt: ECDSA timing attack allowing private key leak
It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.
Package Name: libgcrypt20
Installed Version: 1.8.4-5
Fixed Version:
References: lists.opensuse.org lists.opensuse.org www.openwall.com cve.mitre.org dev.gnupg.org github.com linux.oracle.com linux.oracle.com lists.debian.org lists.debian.org minerva.crocs.fi.muni.cz security-tracker.debian.org security.gentoo.org usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com

MEDIUM
CVE-2020-14155: pcre: integer overflow in libpcre
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
Package Name: libpcre3
Installed Version: 2:8.39-12
Fixed Version:
References: about.gitlab.com bugs.gentoo.org cve.mitre.org support.apple.com www.pcre.org

LOW
CVE-2011-3374
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
Package Name: apt
Installed Version: 1.8.2.1
Fixed Version:
References: access.redhat.com bugs.debian.org people.canonical.com security-tracker.debian.org snyk.io

LOW
CVE-2019-18276: bash: when effective UID is not equal to its real UID the saved UID is not dropped
An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.
Package Name: bash
Installed Version: 5.0-4
Fixed Version:
References: packetstormsecurity.com cve.mitre.org github.com security.netapp.com www.youtube.com

LOW
TEMP-0841856-B18BAF
Package Name: bash
Installed Version: 5.0-4
Fixed Version:
References:

LOW
CVE-2016-2781: coreutils: Non-privileged session can escape to the parent session in chroot
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
Package Name: coreutils
Installed Version: 8.30-3
Fixed Version:
References: seclists.org www.openwall.com www.openwall.com cve.mitre.org lore.kernel.org

LOW
CVE-2017-18018: coreutils: race condition vulnerability in chown and chgrp
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
Package Name: coreutils
Installed Version: 8.30-3
Fixed Version:
References: lists.gnu.org

LOW
CVE-2019-14855: gnupg2: OpenPGP Key Certification Forgeries with SHA-1
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.
Package Name: gpgv
Installed Version: 2.2.12-1+deb10u1
Fixed Version:
References: bugzilla.redhat.com cve.mitre.org dev.gnupg.org eprint.iacr.org lists.gnupg.org rwc.iacr.org usn.ubuntu.com usn.ubuntu.com

LOW
CVE-2011-3374
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
Package Name: libapt-pkg5.0
Installed Version: 1.8.2.1
Fixed Version:
References: access.redhat.com bugs.debian.org people.canonical.com security-tracker.debian.org snyk.io

LOW
CVE-2010-4051: CVE-2010-4052 glibc: De-recursivise regular expression engine
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:
References: cxib.net seclists.org secunia.com securityreason.com securityreason.com securitytracker.com www.exploit-db.com www.kb.cert.org www.securityfocus.com www.securityfocus.com bugzilla.redhat.com

LOW
CVE-2010-4052: CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine
Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:
References: cxib.net seclists.org secunia.com securityreason.com securityreason.com securitytracker.com www.exploit-db.com www.kb.cert.org www.securityfocus.com www.securityfocus.com bugzilla.redhat.com

LOW |
CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressionsThe glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.Package Name: libc-bin Installed Version: 2.28-10 Fixed Version: References: cxib.net securityreason.com securityreason.com |
|
LOW |
CVE-2016-10228: glibc: iconv program can hang when invoked with the -c optionThe iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.Package Name: libc-bin Installed Version: 2.28-10 Fixed Version: References: openwall.com www.securityfocus.com cve.mitre.org sourceware.org sourceware.org sourceware.org |
|
LOW |
CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.cIn the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.Package Name: libc-bin Installed Version: 2.28-10 Fixed Version: References: www.securityfocus.com debbugs.gnu.org lists.gnu.org security.netapp.com support.f5.com |
|
LOW |
CVE-2019-1010022: glibc: stack guard protection bypass** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."Package Name: libc-bin Installed Version: 2.28-10 Fixed Version: References: security-tracker.debian.org sourceware.org ubuntu.com |
|
LOW |
CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."Package Name: libc-bin Installed Version: 2.28-10 Fixed Version: References: www.securityfocus.com security-tracker.debian.org sourceware.org support.f5.com ubuntu.com |
|
LOW |
CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."Package Name: libc-bin Installed Version: 2.28-10 Fixed Version: References: www.securityfocus.com security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com |
|
LOW |
CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."
Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:
References: security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com |
|
LOW |
CVE-2019-19126: glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:
References: cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org sourceware.org sourceware.org usn.ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c
** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.
Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:
References: sourceware.org support.f5.com |
|
LOW |
CVE-2020-6096: glibc: signed comparison vulnerability in the ARMv7 memcpy function
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.
Package Name: libc-bin
Installed Version: 2.28-10
Fixed Version:
References: cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org sourceware.org sourceware.org talosintelligence.com www.talosintelligence.com |
|
LOW |
CVE-2010-4051: CVE-2010-4052 glibc: De-recursivise regular expression engine
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
Package Name: libc6
Installed Version: 2.28-10
Fixed Version:
References: cxib.net seclists.org secunia.com securityreason.com securityreason.com securitytracker.com www.exploit-db.com www.kb.cert.org www.securityfocus.com www.securityfocus.com bugzilla.redhat.com |
|
LOW |
CVE-2010-4052: CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine
Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
Package Name: libc6
Installed Version: 2.28-10
Fixed Version:
References: cxib.net seclists.org secunia.com securityreason.com securityreason.com securitytracker.com www.exploit-db.com www.kb.cert.org www.securityfocus.com www.securityfocus.com bugzilla.redhat.com |
|
LOW |
CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
Package Name: libc6
Installed Version: 2.28-10
Fixed Version:
References: cxib.net securityreason.com securityreason.com |
|
LOW |
CVE-2016-10228: glibc: iconv program can hang when invoked with the -c option
The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
Package Name: libc6
Installed Version: 2.28-10
Fixed Version:
References: openwall.com www.securityfocus.com cve.mitre.org sourceware.org sourceware.org sourceware.org |
|
LOW |
CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
Package Name: libc6
Installed Version: 2.28-10
Fixed Version:
References: www.securityfocus.com debbugs.gnu.org lists.gnu.org security.netapp.com support.f5.com |
|
LOW |
CVE-2019-1010022: glibc: stack guard protection bypass
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: libc6
Installed Version: 2.28-10
Fixed Version:
References: security-tracker.debian.org sourceware.org ubuntu.com |
|
LOW |
CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation
** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: libc6
Installed Version: 2.28-10
Fixed Version:
References: www.securityfocus.com security-tracker.debian.org sourceware.org support.f5.com ubuntu.com |
|
LOW |
CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: libc6
Installed Version: 2.28-10
Fixed Version:
References: www.securityfocus.com security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com |
|
LOW |
CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."
Package Name: libc6
Installed Version: 2.28-10
Fixed Version:
References: security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com |
|
LOW |
CVE-2019-19126: glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
Package Name: libc6
Installed Version: 2.28-10
Fixed Version:
References: cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org sourceware.org sourceware.org usn.ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c
** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.
Package Name: libc6
Installed Version: 2.28-10
Fixed Version:
References: sourceware.org support.f5.com |
|
LOW |
CVE-2020-6096: glibc: signed comparison vulnerability in the ARMv7 memcpy function
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.
Package Name: libc6
Installed Version: 2.28-10
Fixed Version:
References: cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org sourceware.org sourceware.org talosintelligence.com www.talosintelligence.com |
|
LOW |
CVE-2018-6829: libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.
Package Name: libgcrypt20
Installed Version: 1.8.4-5
Fixed Version:
References: github.com github.com lists.gnupg.org www.oracle.com |
|
LOW |
CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Package Name: libgnutls30
Installed Version: 3.6.7-4+deb10u5
Fixed Version:
References: |
|
LOW |
CVE-2019-17543: lz4: heap-based buffer overflow in LZ4_write32
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."
Package Name: liblz4-1
Installed Version: 1.8.3-1
Fixed Version:
References: lists.opensuse.org lists.opensuse.org bugs.chromium.org cve.mitre.org github.com github.com github.com github.com lists.apache.org lists.apache.org lists.apache.org lists.apache.org lists.apache.org lists.apache.org lists.apache.org lists.apache.org lists.apache.org www.oracle.com |
|
LOW |
CVE-2017-11164: pcre: OP_KETRMAX feature in the match function in pcre_exec.c
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
Package Name: libpcre3
Installed Version: 2:8.39-12
Fixed Version:
References: openwall.com www.securityfocus.com cve.mitre.org |
|
LOW |
CVE-2017-16231: pcre: self-recursive call in match() in pcre_exec.c leads to denial of service
** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.
Package Name: libpcre3
Installed Version: 2:8.39-12
Fixed Version:
References: packetstormsecurity.com seclists.org www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.securityfocus.com bugs.exim.org |
|
LOW |
CVE-2017-7245: pcre: stack-based buffer overflow write in pcre32_copy_substring
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.
Package Name: libpcre3
Installed Version: 2:8.39-12
Fixed Version:
References: www.securityfocus.com access.redhat.com blogs.gentoo.org security.gentoo.org |
|
LOW |
CVE-2017-7246: pcre: stack-based buffer overflow write in pcre32_copy_substring
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.
Package Name: libpcre3
Installed Version: 2:8.39-12
Fixed Version:
References: www.securityfocus.com access.redhat.com blogs.gentoo.org security.gentoo.org |
|
LOW |
CVE-2019-20838: pcre: buffer over-read in JIT when UTF is disabled
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
Package Name: libpcre3
Installed Version: 2:8.39-12
Fixed Version:
References: bugs.gentoo.org cve.mitre.org support.apple.com www.pcre.org |
|
LOW |
CVE-2019-9893: libseccomp: incorrect generation of syscall filters in libseccomp
libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might be able to lead to bypassing seccomp filters and potential privilege escalations.
Package Name: libseccomp2
Installed Version: 2.3.3-4
Fixed Version:
References: lists.opensuse.org lists.opensuse.org www.paul-moore.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com seclists.org security.gentoo.org usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com www.openwall.com |
|
LOW |
CVE-2013-4392: systemd: TOCTOU race condition when updating file permissions and SELinux security contexts
systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
Package Name: libsystemd0
Installed Version: 241-7~deb10u4
Fixed Version:
References: bugs.debian.org www.openwall.com bugzilla.redhat.com |
|
LOW |
CVE-2019-20386: systemd: memory leak in button_open() in login/logind-button.c when udev events are received
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.
Package Name: libsystemd0
Installed Version: 241-7~deb10u4
Fixed Version:
References: lists.opensuse.org cve.mitre.org github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org security.netapp.com usn.ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2020-13776: systemd: mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
Package Name: libsystemd0
Installed Version: 241-7~deb10u4
Fixed Version:
References: github.com lists.fedoraproject.org security.netapp.com |
|
LOW |
CVE-2018-1000654: libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion
GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.
Package Name: libtasn1-6
Installed Version: 4.13-3
Fixed Version:
References: lists.opensuse.org lists.opensuse.org www.securityfocus.com cve.mitre.org gitlab.com |
|
LOW |
CVE-2013-4392: systemd: TOCTOU race condition when updating file permissions and SELinux security contexts
systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
Package Name: libudev1
Installed Version: 241-7~deb10u4
Fixed Version:
References: bugs.debian.org www.openwall.com bugzilla.redhat.com |
|
LOW |
CVE-2019-20386: systemd: memory leak in button_open() in login/logind-button.c when udev events are received
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.
Package Name: libudev1
Installed Version: 241-7~deb10u4
Fixed Version:
References: lists.opensuse.org cve.mitre.org github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org security.netapp.com usn.ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2020-13776: systemd: mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
Package Name: libudev1
Installed Version: 241-7~deb10u4
Fixed Version:
References: github.com lists.fedoraproject.org security.netapp.com |
|
LOW |
CVE-2007-5686
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
Package Name: login
Installed Version: 1:4.5-1.1
Fixed Version:
References: secunia.com www.securityfocus.com www.securityfocus.com www.securityfocus.com www.vupen.com issues.rpath.com |
|
LOW |
CVE-2013-4235: shadow-utils: TOCTOU race conditions by copying and removing directory trees
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
Package Name: login
Installed Version: 1:4.5-1.1
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org security-tracker.debian.org |
|
LOW |
CVE-2018-7169: shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation
An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.
Package Name: login
Installed Version: 1:4.5-1.1
Fixed Version:
References: bugs.launchpad.net cve.mitre.org github.com security.gentoo.org |
|
LOW |
CVE-2019-19882: shadow-utils: local users can obtain root access because setuid programs are misconfigured
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).
Package Name: login
Installed Version: 1:4.5-1.1
Fixed Version:
References: bugs.archlinux.org bugs.gentoo.org github.com github.com github.com security.gentoo.org |
|
LOW |
TEMP-0628843-DBAD28
Package Name: login
Installed Version: 1:4.5-1.1
Fixed Version:
References: |
|
LOW |
CVE-2007-5686
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
Package Name: passwd
Installed Version: 1:4.5-1.1
Fixed Version:
References: secunia.com www.securityfocus.com www.securityfocus.com www.securityfocus.com www.vupen.com issues.rpath.com |
|
LOW |
CVE-2013-4235: shadow-utils: TOCTOU race conditions by copying and removing directory trees
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
Package Name: passwd
Installed Version: 1:4.5-1.1
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org security-tracker.debian.org |
|
LOW |
CVE-2018-7169: shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege escalation
An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.
Package Name: passwd
Installed Version: 1:4.5-1.1
Fixed Version:
References: bugs.launchpad.net cve.mitre.org github.com security.gentoo.org |
|
LOW |
CVE-2019-19882: shadow-utils: local users can obtain root access because setuid programs are misconfigured
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).
Package Name: passwd
Installed Version: 1:4.5-1.1
Fixed Version:
References: bugs.archlinux.org bugs.gentoo.org github.com github.com github.com security.gentoo.org |
|
LOW |
TEMP-0628843-DBAD28
Package Name: passwd
Installed Version: 1:4.5-1.1
Fixed Version:
References: |
|
LOW |
CVE-2011-4116: perl: File::Temp insecure temporary file handling
_is_safe in the File::Temp module for Perl does not properly handle symlinks.
Package Name: perl-base
Installed Version: 5.28.1-6+deb10u1
Fixed Version:
References: www.openwall.com www.openwall.com github.com rt.cpan.org seclists.org |
|
LOW |
TEMP-0517018-A83CE6
Package Name: sysvinit-utils
Installed Version: 2.93-8
Fixed Version:
References: |
|
LOW |
CVE-2005-2541
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
Package Name: tar
Installed Version: 1.30+dfsg-6
Fixed Version:
References: marc.info |
|
LOW |
CVE-2019-9923: tar: null-pointer dereference in pax_decode_header in sparse.c
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
Package Name: tar
Installed Version: 1.30+dfsg-6
Fixed Version:
References: git.savannah.gnu.org lists.opensuse.org savannah.gnu.org bugs.launchpad.net cve.mitre.org |
|
LOW |
TEMP-0290435-0B57B5
Package Name: tar
Installed Version: 1.30+dfsg-6
Fixed Version:
References: |
These instructions assume you have set up the repository first (or read it).
To pull node @ reference/tag latest:
docker pull docker.cloudsmith.io/cloudsmith/challenges-pub/node:latest
To refer to this image after pulling in a Dockerfile, specify the following:
FROM docker.cloudsmith.io/cloudsmith/challenges-pub/node:latest
Note: You should replace latest with an alternative reference to pull, such as: 12-buster-slim.