example 8feacf9285cf2fbb6abcc649253…
Status | Completed |
---|---|
GPG Signature | |
Storage Region | Dublin, Ireland |
Type | Binary (contains binaries and binary artifacts) |
Uploaded At | 1 year, 8 months ago |
Uploaded By | |
Slug Id | example-aVK |
Unique Id | x2I9KbuNHeoX |
Version (Raw) | 8feacf9285cf2fbb6abcc649253345ed7edff25d0de0c824cdd384a56671b1a3 |
Version (Parsed) | |
docker-specific metadata | |
Image Digest | sha256:8feacf9285cf2fbb6abcc649253345ed7edff25d0de0c824cdd384a56671b1a3 |
Config Digest | sha256:0d7ac69684ad83d206968fcf388ffa7a32c66dc89e23df9b4855e46194f69cdc |
V1 OCI Index Digest | sha256:2086619083d7428143da88c783d18feef3c0a50bde9f2dab639c4c008e98a150 |
V1 Distribution (Signed) Digest | sha256:cf38098a029f7595a6f9d9a23152aadf0a484a3a9213ff75cf44fbcc9106fe7e |
V1 OCI Digest | sha256:1501aa661173008bbe77796343684888a39469fef86c1cb2af5f0cd607932a8f |
V2 Distribution List Digest | sha256:ac8d04eb0ff24ec6e8dbe1663b48c54659a86e684cc5e91284dd2f6107d3e33b |
V1 Distribution Digest | sha256:3bdc9e5e21d7850bbadb737e34548b8f80587409ba2834573bfe20a57766da82 |
V2 Distribution Digest | sha256:8feacf9285cf2fbb6abcc649253345ed7edff25d0de0c824cdd384a56671b1a3 |
Cosign Manifests | |
ATT | example (sha256:a28e2b0a7abe36b431b56d4123f5b7ad378bf58b6813b27a5231c9271380028a) |
ATT | example (sha256:5c181e9f9e336a0494185298c79ea24f004f07df5271509d38b4211abccd805a) |
SIG | example (sha256:d523f4db91f8dcf4653b40c41c9752d4d4d8902824326483d73028cce9db7b31) |
extended metadata | |
Manifest Type | V2 Distribution |
Architecture | amd64 |
Config | |
Container | 3d8fa3a2e98a053a4f0e8e0ce1655b3b458c2114c60d149e644c1d5bd30b218f |
Container Config | |
Created | 2022-07-18 15:37:02 UTC |
Docker Version | 20.10.17+azure-1 |
Os | linux |
This package was uploaded with the following V2 Distribution manifest:
{
"schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"config": {
"mediaType": "application/vnd.docker.container.image.v1+json",
"size": 8477,
"digest": "sha256:c4714ec1deb97bf1f198adf053fbee645f7f7d0fdff0d2802a0f01f3c998f4e0"
},
"layers": [
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 54999406,
"digest": "sha256:d836772a1c1f9c4b1f280fb2a98ace30a4c4c87370f89aa092b35dfd9556278a"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 5156110,
"digest": "sha256:66a9e63c657ad881997f5165c0826be395bfc064415876b9fbaae74bcb5dc721"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 10876416,
"digest": "sha256:d1989b6e74cfdda1591b9dd23be47c5caeb002b7a151379361ec0c3f0e6d0e52"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 54579006,
"digest": "sha256:c28818711e1ed38df107014a20127b41491b224d7aed8aa7066b55552d9600d2"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 196774352,
"digest": "sha256:5084fa7ebd744165b15df008a9c14db7fc3d6af34cce64ba85bbaa348af594a3"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 4200,
"digest": "sha256:3edb14de22dabcf57b4d2102a3e952f3b6a2ede9126a0d5eaad1ee43463993d1"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 45771940,
"digest": "sha256:9dd3efa30ca7415d18ee1b8ccb7dc19b86db0584cc676252815811450d8bd17f"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 2290258,
"digest": "sha256:52a5333c4aeb8db1a0b9873f7f8176659ea65dd6c5afff8da8ed2786b9831909"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 450,
"digest": "sha256:2d09a6fe467be8ecdd436e8834a9adcad13fb9178b1d44239e9f5725e465dc0a"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 92,
"digest": "sha256:ab854d7a425e040a0d28776e29f633b417ee358c93e360a8f14ee96e7189791a"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 620,
"digest": "sha256:57328492cdb80c4c14e75600d08009f738f208285dbfb8f8bf7cb11ffcfccbbf"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 891881,
"digest": "sha256:a17fa93dabe97fdde54f74f694f6753276d9dd0c1f92c021129802a9717d33ba"
}
]
}
Digest:
sha256:d836772a1c1f9c4b1f280fb2a98ace30a4c4c87370f89aa092b35dfd9556278a
Command: /bin/sh -c #(nop) ADD file:3451708ab45bc1bcfc1ebb2075d3af16767477cbeb79334959e0d1ff02b0864b in / |
52.5 MB | ||
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) CMD ["bash"] |
32 bytes | ||
Digest:
sha256:66a9e63c657ad881997f5165c0826be395bfc064415876b9fbaae74bcb5dc721
Command: /bin/sh -c set -eux; apt-get update; apt-get install -y --no-install-recommends ca-certificates curl netbase wget ; rm -rf /var/lib/apt/lists/* |
4.9 MB | ||
Digest:
sha256:d1989b6e74cfdda1591b9dd23be47c5caeb002b7a151379361ec0c3f0e6d0e52
Command: /bin/sh -c set -ex; if ! command -v gpg > /dev/null; then apt-get update; apt-get install -y --no-install-recommends gnupg dirmngr ; rm -rf /var/lib/apt/lists/*; fi |
10.4 MB | ||
Digest:
sha256:c28818711e1ed38df107014a20127b41491b224d7aed8aa7066b55552d9600d2
Command: /bin/sh -c apt-get update && apt-get install -y --no-install-recommends git mercurial openssh-client subversion procps && rm -rf /var/lib/apt/lists/* |
52.1 MB | ||
Digest:
sha256:5084fa7ebd744165b15df008a9c14db7fc3d6af34cce64ba85bbaa348af594a3
Command: /bin/sh -c set -ex; apt-get update; apt-get install -y --no-install-recommends autoconf automake bzip2 dpkg-dev file g++ gcc imagemagick libbz2-dev libc6-dev libcurl4-openssl-dev libdb-dev libevent-dev libffi-dev libgdbm-dev libglib2.0-dev libgmp-dev libjpeg-dev libkrb5-dev liblzma-dev libmagickcore-dev libmagickwand-dev libmaxminddb-dev libncurses5-dev libncursesw5-dev libpng-dev libpq-dev libreadline-dev libsqlite3-dev libssl-dev libtool libwebp-dev libxml2-dev libxslt-dev libyaml-dev make patch unzip xz-utils zlib1g-dev $( if apt-cache show 'default-libmysqlclient-dev' 2>/dev/null | grep -q '^Version:'; then echo 'default-libmysqlclient-dev'; else echo 'libmysqlclient-dev'; fi ) ; rm -rf /var/lib/apt/lists/* |
187.7 MB | ||
Digest:
sha256:3edb14de22dabcf57b4d2102a3e952f3b6a2ede9126a0d5eaad1ee43463993d1
Command: /bin/sh -c groupadd --gid 1000 node && useradd --uid 1000 --gid node --shell /bin/bash --create-home node |
4.1 KB | ||
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ENV NODE_VERSION=18.6.0 |
32 bytes | ||
Digest:
sha256:9dd3efa30ca7415d18ee1b8ccb7dc19b86db0584cc676252815811450d8bd17f
Command: /bin/sh -c ARCH= && dpkgArch="$(dpkg --print-architecture)" && case "${dpkgArch##*-}" in amd64) ARCH='x64';; ppc64el) ARCH='ppc64le';; s390x) ARCH='s390x';; arm64) ARCH='arm64';; armhf) ARCH='armv7l';; i386) ARCH='x86';; *) echo "unsupported architecture"; exit 1 ;; esac && set -ex && for key in 4ED778F539E3634C779C87C6D7062848A1AB005C 141F07595B7B3FFE74309A937405533BE57C7D57 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 74F12602B6F1C4E913FAA37AD3A89613643B6201 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 61FC681DFB92A079F1685E77973F295594EC4689 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C DD8F2338BAE7501E3DD5AC78C273792F7D83545D A48C2BEE680E841632CD4E44F07496B3EB3C1762 108F52B48DB57BB0CC439B2997B01419BD92F80A B9E2F5981AA6E0CD28160D9FF13993A75599653C ; do gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; done && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt && ln -s /usr/local/bin/node /usr/local/bin/nodejs && node --version && npm --version |
43.7 MB | ||
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ENV YARN_VERSION=1.22.19 |
32 bytes | ||
Digest:
sha256:52a5333c4aeb8db1a0b9873f7f8176659ea65dd6c5afff8da8ed2786b9831909
Command: /bin/sh -c set -ex && for key in 6A010C5166006599AA17F08146C2130DFD2497F5 ; do gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; done && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz && mkdir -p /opt && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz && yarn --version |
2.2 MB | ||
Digest:
sha256:2d09a6fe467be8ecdd436e8834a9adcad13fb9178b1d44239e9f5725e465dc0a
Command: /bin/sh -c #(nop) COPY file:4d192565a7220e135cab6c77fbc1c73211b69f3d9fb37e62857b2c6eb9363d51 in /usr/local/bin/ |
450 bytes | ||
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ENTRYPOINT ["docker-entrypoint.sh"] |
32 bytes | ||
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) CMD ["node"] |
32 bytes | ||
Digest:
sha256:ab854d7a425e040a0d28776e29f633b417ee358c93e360a8f14ee96e7189791a
Command: /bin/sh -c #(nop) WORKDIR /app |
92 bytes | ||
Digest:
sha256:57328492cdb80c4c14e75600d08009f738f208285dbfb8f8bf7cb11ffcfccbbf
Command: /bin/sh -c #(nop) COPY multi:2dadb333806e50aa09b0e2ce21aa179830b41d4879ee9660f0977063be9c49a0 in ./ |
620 bytes | ||
Digest:
sha256:a17fa93dabe97fdde54f74f694f6753276d9dd0c1f92c021129802a9717d33ba
Command: /bin/sh -c npm install |
871.0 KB | ||
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) CMD ["/bin/sh" "-c" "bash"] |
32 bytes |
example |
1 |
Last scanned | 1 year, 8 months ago |
Scan result | Vulnerable |
Vulnerability count | 1126 |
Max. severity | Critical |
Target: | . (debian 11.4) | |
CRITICAL |
CVE-2021-22945: curl: use-after-free and double-free in MQTT sending
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: seclists.org access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov security.netapp.com support.apple.com ubuntu.com www.oracle.com |
|
CRITICAL |
CVE-2022-32207: curl: Unpreserved file permissions
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com |
|
CRITICAL |
CVE-2021-30473: aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that i ...
aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.
Package Name: libaom0
Installed Version: 1.0.0.errata1-3
Fixed Version:
References: aomedia.googlesource.com bugs.chromium.org lists.fedoraproject.org |
|
CRITICAL |
CVE-2021-30474: aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use ...
aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free.
Package Name: libaom0
Installed Version: 1.0.0.errata1-3
Fixed Version:
References: aomedia.googlesource.com bugs.chromium.org |
|
CRITICAL |
CVE-2021-30475: aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buf ...
aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.
Package Name: libaom0
Installed Version: 1.0.0.errata1-3
Fixed Version:
References: aomedia.googlesource.com bugs.chromium.org lists.fedoraproject.org |
|
CRITICAL |
CVE-2021-22945: curl: use-after-free and double-free in MQTT sending
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: seclists.org access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov security.netapp.com support.apple.com ubuntu.com www.oracle.com |
|
CRITICAL |
CVE-2022-32207: curl: Unpreserved file permissions
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com |
|
CRITICAL |
CVE-2021-22945: curl: use-after-free and double-free in MQTT sending
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: seclists.org access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov security.netapp.com support.apple.com ubuntu.com www.oracle.com |
|
CRITICAL |
CVE-2022-32207: curl: Unpreserved file permissions
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com |
|
CRITICAL |
CVE-2021-22945: curl: use-after-free and double-free in MQTT sending
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: seclists.org access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov security.netapp.com support.apple.com ubuntu.com www.oracle.com |
|
CRITICAL |
CVE-2022-32207: curl: Unpreserved file permissions
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com |
|
CRITICAL |
CVE-2019-8457: sqlite: heap out-of-bound read in function rtreenode()
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
Package Name: libdb5.3
Installed Version: 5.3.28+dfsg1-0.8
Fixed Version:
References: lists.opensuse.org access.redhat.com cve.mitre.org kc.mcafee.com linux.oracle.com lists.fedoraproject.org security.netapp.com ubuntu.com usn.ubuntu.com www.oracle.com www.sqlite.org |
|
CRITICAL |
CVE-2019-8457: sqlite: heap out-of-bound read in function rtreenode()
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
Package Name: libdb5.3-dev
Installed Version: 5.3.28+dfsg1-0.8
Fixed Version:
References: lists.opensuse.org access.redhat.com cve.mitre.org kc.mcafee.com linux.oracle.com lists.fedoraproject.org security.netapp.com ubuntu.com usn.ubuntu.com www.oracle.com www.sqlite.org |
|
CRITICAL |
CVE-2022-1253: Heap-based Buffer Overflow in GitHub repository strukturag/libde265 pr ...
Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.
Package Name: libde265-0
Installed Version: 1.0.8-1
Fixed Version:
References: github.com huntr.dev |
|
CRITICAL |
CVE-2022-32081: mariadb: use-after-poison in prepare_inplace_add_virtual in handler0alter.cc
MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.
Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
CRITICAL |
CVE-2022-32091: mariadb: server crash in JOIN_CACHE::free or in copy_fields
MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.
Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
CRITICAL |
CVE-2022-32081: mariadb: use-after-poison in prepare_inplace_add_virtual in handler0alter.cc
MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.
Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
CRITICAL |
CVE-2022-32091: mariadb: server crash in JOIN_CACHE::free or in copy_fields
MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.
Package Name: libmariadb-dev-compat
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
CRITICAL |
CVE-2022-32081: mariadb: use-after-poison in prepare_inplace_add_virtual in handler0alter.cc
MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.
Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
CRITICAL |
CVE-2022-32091: mariadb: server crash in JOIN_CACHE::free or in copy_fields
MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.
Package Name: libmariadb3
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
CRITICAL |
CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
Package Name: libpcre2-16-0
Installed Version: 10.36-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com lists.fedoraproject.org nvd.nist.gov |
|
CRITICAL |
CVE-2022-1587: pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
Package Name: libpcre2-16-0
Installed Version: 10.36-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com lists.fedoraproject.org nvd.nist.gov |
|
CRITICAL |
CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
Package Name: libpcre2-32-0
Installed Version: 10.36-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com lists.fedoraproject.org nvd.nist.gov |
|
CRITICAL |
CVE-2022-1587: pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
Package Name: libpcre2-32-0
Installed Version: 10.36-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com lists.fedoraproject.org nvd.nist.gov |
|
CRITICAL |
CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
Package Name: libpcre2-8-0
Installed Version: 10.36-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com lists.fedoraproject.org nvd.nist.gov |
|
CRITICAL |
CVE-2022-1587: pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
Package Name: libpcre2-8-0
Installed Version: 10.36-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com lists.fedoraproject.org nvd.nist.gov |
|
CRITICAL |
CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
Package Name: libpcre2-dev
Installed Version: 10.36-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com lists.fedoraproject.org nvd.nist.gov |
|
CRITICAL |
CVE-2022-1587: pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
Package Name: libpcre2-dev
Installed Version: 10.36-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com lists.fedoraproject.org nvd.nist.gov |
|
CRITICAL |
CVE-2022-1586: pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
Package Name: libpcre2-posix2
Installed Version: 10.36-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com lists.fedoraproject.org nvd.nist.gov |
|
CRITICAL |
CVE-2022-1587: pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
Package Name: libpcre2-posix2
Installed Version: 10.36-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com lists.fedoraproject.org nvd.nist.gov |
|
CRITICAL |
CVE-2015-20107: python(mailcap): findmatch() function does not sanitise the second argument
In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments).
Package Name: libpython3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:
References: access.redhat.com bugs.python.org cve.mitre.org github.com lists.fedoraproject.org mail.python.org nvd.nist.gov security.netapp.com ubuntu.com |
|
CRITICAL |
CVE-2021-29921: python-ipaddress: Improper input validation of octal strings
In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
Package Name: libpython3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:
References: access.redhat.com bugs.python.org cve.mitre.org docs.python.org errata.almalinux.org github.com linux.oracle.com python-security.readthedocs.io security.netapp.com sick.codes ubuntu.com www.oracle.com |
|
CRITICAL |
CVE-2015-20107: python(mailcap): findmatch() function does not sanitise the second argument
In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments).
Package Name: libpython3.9-stdlib Installed Version: 3.9.2-1 Fixed Version:
References: access.redhat.com bugs.python.org cve.mitre.org github.com github.com github.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org mail.python.org nvd.nist.gov security.netapp.com ubuntu.com |
|
CRITICAL |
CVE-2021-29921: python-ipaddress: Improper input validation of octal strings
In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
Package Name: libpython3.9-stdlib Installed Version: 3.9.2-1 Fixed Version:
References: access.redhat.com bugs.python.org cve.mitre.org docs.python.org errata.almalinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com python-security.readthedocs.io security.netapp.com sick.codes ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com www.oracle.com |
|
CRITICAL |
CVE-2022-32081: mariadb: use-after-poison in prepare_inplace_add_virtual in handler0alter.cc
MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.
Package Name: mariadb-common Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
CRITICAL |
CVE-2022-32091: mariadb: server crash in JOIN_CACHE::free or in copy_fields
MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.
Package Name: mariadb-common Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
CRITICAL |
CVE-2015-20107: python(mailcap): findmatch() function does not sanitise the second argument
In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments).
Package Name: python3.9 Installed Version: 3.9.2-1 Fixed Version:
References: access.redhat.com bugs.python.org cve.mitre.org github.com github.com github.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org mail.python.org nvd.nist.gov security.netapp.com ubuntu.com |
|
CRITICAL |
CVE-2021-29921: python-ipaddress: Improper input validation of octal strings
In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
Package Name: python3.9 Installed Version: 3.9.2-1 Fixed Version:
References: access.redhat.com bugs.python.org cve.mitre.org docs.python.org errata.almalinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com python-security.readthedocs.io security.netapp.com sick.codes ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com www.oracle.com |
|
CRITICAL |
CVE-2015-20107: python(mailcap): findmatch() function does not sanitise the second argument
In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments).
Package Name: python3.9-minimal Installed Version: 3.9.2-1 Fixed Version:
References: access.redhat.com bugs.python.org cve.mitre.org github.com github.com github.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org mail.python.org nvd.nist.gov security.netapp.com ubuntu.com |
|
CRITICAL |
CVE-2021-29921: python-ipaddress: Improper input validation of octal strings
In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.
Package Name: python3.9-minimal Installed Version: 3.9.2-1 Fixed Version:
References: access.redhat.com bugs.python.org cve.mitre.org docs.python.org errata.almalinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com python-security.readthedocs.io security.netapp.com sick.codes ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com www.oracle.com |
|
HIGH |
CVE-2022-1304: e2fsprogs: out-of-bounds read/write via crafted filesystem
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.
Package Name: comerr-dev Installed Version: 1.46.2-2 Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org marc.info nvd.nist.gov ubuntu.com |
|
HIGH |
CVE-2021-22946: curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or `CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` with libcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response. This flaw would then make curl silently continue its operations **without TLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.
Package Name: curl Installed Version: 7.74.0-1.3+deb11u1 Fixed Version:
References: seclists.org access.redhat.com access.redhat.com access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com security.netapp.com support.apple.com ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com |
|
HIGH |
CVE-2022-22576: curl: OAUTH2 bearer bypass in connection re-use
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
Package Name: curl Installed Version: 7.74.0-1.3+deb11u1 Fixed Version:
References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com |
|
HIGH |
CVE-2022-27775: curl: bad local IPv6 connection reuse
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: when using an IPv6 address that was in the connection pool but with a different zone id, curl could reuse a connection instead.
Package Name: curl Installed Version: 7.74.0-1.3+deb11u1 Fixed Version:
References: access.redhat.com curl.se cve.mitre.org hackerone.com nvd.nist.gov security.netapp.com ubuntu.com |
|
HIGH |
CVE-2022-27781: curl: CERTINFO never-ending busy-loop
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.
Package Name: curl Installed Version: 7.74.0-1.3+deb11u1 Fixed Version:
References: access.redhat.com curl.se cve.mitre.org github.com hackerone.com nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com |
|
HIGH |
CVE-2022-27782: curl: TLS and SSH connection too eager reuse
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.
Package Name: curl Installed Version: 7.74.0-1.3+deb11u1 Fixed Version:
References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com |
|
HIGH |
CVE-2022-1304: e2fsprogs: out-of-bounds read/write via crafted filesystem
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.
Package Name: e2fsprogs Installed Version: 1.46.2-2 Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org marc.info nvd.nist.gov ubuntu.com |
|
HIGH |
CVE-2021-44648: gdk-pixbuf: heap-buffer overflow when decoding the lzw compressed stream of image data
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equal to 12.
Package Name: gir1.2-gdkpixbuf-2.0 Installed Version: 2.42.2+dfsg-1 Fixed Version:
References: access.redhat.com cve.mitre.org gitlab.gnome.org lists.fedoraproject.org lists.fedoraproject.org sahildhar.github.io |
|
HIGH |
CVE-2022-24765: git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-git are vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.
Package Name: git Installed Version: 1:2.30.2-1 Fixed Version:
References: seclists.org www.openwall.com access.redhat.com cve.mitre.org git-scm.com git-scm.com github.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org support.apple.com ubuntu.com ubuntu.com ubuntu.com |
|
HIGH |
CVE-2022-29187: git: Bypass of safe.directory protections
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.
Package Name: git Installed Version: 1:2.30.2-1 Fixed Version:
References: www.openwall.com access.redhat.com cve.mitre.org github.blog github.com lore.kernel.org ubuntu.com |
|
HIGH |
CVE-2022-24765: git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-git are vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`.
Package Name: git-man Installed Version: 1:2.30.2-1 Fixed Version:
References: seclists.org www.openwall.com access.redhat.com cve.mitre.org git-scm.com git-scm.com github.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org support.apple.com ubuntu.com ubuntu.com ubuntu.com |
|
HIGH |
CVE-2022-29187: git: Bypass of safe.directory protections
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.
Package Name: git-man Installed Version: 1:2.30.2-1 Fixed Version:
References: www.openwall.com access.redhat.com cve.mitre.org github.blog github.com lore.kernel.org ubuntu.com |
|
HIGH |
CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20313: ImageMagick: Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when calculating signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.
Package Name: imagemagick Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.
Package Name: imagemagick Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org |
|
HIGH |
CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
Package Name: imagemagick Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: imagemagick Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: imagemagick Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
Package Name: imagemagick Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick-6-common Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick-6-common Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20313: ImageMagick: Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when calculating signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.
Package Name: imagemagick-6-common Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.
Package Name: imagemagick-6-common Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org |
|
HIGH |
CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
Package Name: imagemagick-6-common Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: imagemagick-6-common Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: imagemagick-6-common Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
Package Name: imagemagick-6-common Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick-6.q16 Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick-6.q16 Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20313: ImageMagick: Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when calculating signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.
Package Name: imagemagick-6.q16 Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.
Package Name: imagemagick-6.q16 Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org |
|
HIGH |
CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
Package Name: imagemagick-6.q16 Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: imagemagick-6.q16 Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: imagemagick-6.q16 Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
Package Name: imagemagick-6.q16 Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2020-0478: In extend_frame_lowbd of restoration.c, there is a possible out of bou ...
In extend_frame_lowbd of restoration.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Product: Android; Versions: Android-11; Android ID: A-150780418
Package Name: libaom0 Installed Version: 1.0.0.errata1-3 Fixed Version:
References: source.android.com |
|
HIGH |
CVE-2020-36131: AOM v2.0.1 was discovered to contain a stack buffer overflow via the c ...
AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.
Package Name: libaom0 Installed Version: 1.0.0.errata1-3 Fixed Version:
References: aomedia.googlesource.com bugs.chromium.org cve.mitre.org |
|
HIGH |
CVE-2020-36133: AOM v2.0.1 was discovered to contain a global buffer overflow via the ...
AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h.
Package Name: libaom0 Installed Version: 1.0.0.errata1-3 Fixed Version:
References: aomedia.googlesource.com bugs.chromium.org cve.mitre.org |
|
HIGH |
CVE-2021-3999: glibc: Off-by-one buffer overflow/underflow in getcwd()
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
Package Name: libc-bin Installed Version: 2.31-13+deb11u3 Fixed Version:
References: access.redhat.com access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com ubuntu.com ubuntu.com www.openwall.com |
|
HIGH |
CVE-2021-3999: glibc: Off-by-one buffer overflow/underflow in getcwd()
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
Package Name: libc-dev-bin Installed Version: 2.31-13+deb11u3 Fixed Version:
References: access.redhat.com access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com ubuntu.com ubuntu.com www.openwall.com |
|
HIGH |
CVE-2021-3999: glibc: Off-by-one buffer overflow/underflow in getcwd()
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
Package Name: libc6
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: access.redhat.com access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com ubuntu.com ubuntu.com www.openwall.com |
|
HIGH |
CVE-2021-3999: glibc: Off-by-one buffer overflow/underflow in getcwd()
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
Package Name: libc6-dev
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: access.redhat.com access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com ubuntu.com ubuntu.com www.openwall.com |
|
HIGH |
CVE-2022-1304: e2fsprogs: out-of-bounds read/write via crafted filesystem
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.
Package Name: libcom-err2
Installed Version: 1.46.2-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org marc.info nvd.nist.gov ubuntu.com |
|
HIGH |
CVE-2021-22946: curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or `CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` with libcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response. This flaw would then make curl silently continue its operations **without TLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.
Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: seclists.org access.redhat.com access.redhat.com access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com security.netapp.com support.apple.com ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com |
|
HIGH |
CVE-2022-22576: curl: OAUTH2 bearer bypass in connection re-use
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com |
|
HIGH |
CVE-2022-27775: curl: bad local IPv6 connection reuse
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: by using an IPv6 address that was in the connection pool but with a different zone id, it could reuse a connection instead.
Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: access.redhat.com curl.se cve.mitre.org hackerone.com nvd.nist.gov security.netapp.com ubuntu.com |
|
HIGH |
CVE-2022-27781: curl: CERTINFO never-ending busy-loop
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.
Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: access.redhat.com curl.se cve.mitre.org github.com hackerone.com nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com |
|
HIGH |
CVE-2022-27782: curl: TLS and SSH connection too eager reuse
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.
Package Name: libcurl3-gnutls
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com |
|
HIGH |
CVE-2021-22946: curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or `CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` with libcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response. This flaw would then make curl silently continue its operations **without TLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.
Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: seclists.org access.redhat.com access.redhat.com access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com security.netapp.com support.apple.com ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com |
|
HIGH |
CVE-2022-22576: curl: OAUTH2 bearer bypass in connection re-use
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com |
|
HIGH |
CVE-2022-27775: curl: bad local IPv6 connection reuse
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: by using an IPv6 address that was in the connection pool but with a different zone id, it could reuse a connection instead.
Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: access.redhat.com curl.se cve.mitre.org hackerone.com nvd.nist.gov security.netapp.com ubuntu.com |
|
HIGH |
CVE-2022-27781: curl: CERTINFO never-ending busy-loop
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.
Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: access.redhat.com curl.se cve.mitre.org github.com hackerone.com nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com |
|
HIGH |
CVE-2022-27782: curl: TLS and SSH connection too eager reuse
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.
Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com |
|
HIGH |
CVE-2021-22946: curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or `CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` with libcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response. This flaw would then make curl silently continue its operations **without TLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.
Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: seclists.org access.redhat.com access.redhat.com access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com security.netapp.com support.apple.com ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com |
|
HIGH |
CVE-2022-22576: curl: OAUTH2 bearer bypass in connection re-use
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com |
|
HIGH |
CVE-2022-27775: curl: bad local IPv6 connection reuse
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: by using an IPv6 address that was in the connection pool but with a different zone id, it could reuse a connection instead.
Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: access.redhat.com curl.se cve.mitre.org hackerone.com nvd.nist.gov security.netapp.com ubuntu.com |
|
HIGH |
CVE-2022-27781: curl: CERTINFO never-ending busy-loop
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.
Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: access.redhat.com curl.se cve.mitre.org github.com hackerone.com nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com |
|
HIGH |
CVE-2022-27782: curl: TLS and SSH connection too eager reuse
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.
Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com |
|
HIGH |
CVE-2020-21598: libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted file.
Package Name: libde265-0
Installed Version: 1.0.8-1
Fixed Version:
References: cwe.mitre.org github.com |
|
HIGH |
CVE-2021-36409: There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.
Package Name: libde265-0
Installed Version: 1.0.8-1
Fixed Version:
References: github.com |
|
HIGH |
CVE-2022-1304: e2fsprogs: out-of-bounds read/write via crafted filesystem
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.
Package Name: libext2fs2
Installed Version: 1.46.2-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org marc.info nvd.nist.gov ubuntu.com |
|
HIGH |
CVE-2021-33560: libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
Package Name: libgcrypt20
Installed Version: 1.8.7-6
Fixed Version:
References: access.redhat.com access.redhat.com cve.mitre.org dev.gnupg.org dev.gnupg.org dev.gnupg.org dev.gnupg.org eprint.iacr.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com |
|
HIGH |
CVE-2021-44648: gdk-pixbuf: heap-buffer overflow when decoding the lzw compressed stream of image data
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equal to 12.
Package Name: libgdk-pixbuf-2.0-0
Installed Version: 2.42.2+dfsg-1
Fixed Version:
References: access.redhat.com cve.mitre.org gitlab.gnome.org lists.fedoraproject.org lists.fedoraproject.org sahildhar.github.io |
|
HIGH |
CVE-2021-44648: gdk-pixbuf: heap-buffer overflow when decoding the lzw compressed stream of image data
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equal to 12.
Package Name: libgdk-pixbuf-2.0-dev
Installed Version: 2.42.2+dfsg-1
Fixed Version:
References: access.redhat.com cve.mitre.org gitlab.gnome.org lists.fedoraproject.org lists.fedoraproject.org sahildhar.github.io |
|
HIGH |
CVE-2021-44648: gdk-pixbuf: heap-buffer overflow when decoding the lzw compressed stream of image data
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equal to 12.
Package Name: libgdk-pixbuf2.0-bin
Installed Version: 2.42.2+dfsg-1
Fixed Version:
References: access.redhat.com cve.mitre.org gitlab.gnome.org lists.fedoraproject.org lists.fedoraproject.org sahildhar.github.io |
|
HIGH |
CVE-2021-44648: gdk-pixbuf: heap-buffer overflow when decoding the lzw compressed stream of image data
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equal to 12.
Package Name: libgdk-pixbuf2.0-common
Installed Version: 2.42.2+dfsg-1
Fixed Version:
References: access.redhat.com cve.mitre.org gitlab.gnome.org lists.fedoraproject.org lists.fedoraproject.org sahildhar.github.io |
|
HIGH |
CVE-2020-23109: Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file.
Package Name: libheif1
Installed Version: 1.11.0-1
Fixed Version:
References: github.com |
|
HIGH |
CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20313: ImageMagick: Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when calculating signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.
Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.
Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org |
|
HIGH |
CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickcore-6-arch-config
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20313: ImageMagick: Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when calculating signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.
Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.
Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org |
|
HIGH |
CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickcore-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20313: ImageMagick: Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when calculating signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.
Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.
Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org |
|
HIGH |
CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20313: ImageMagick: Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when calculating signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.
Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.
Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org |
|
HIGH |
CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20313: ImageMagick: Cipher leak when the calculating signatures in TransformSignature of MagickCore/signature.c
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.
Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.
Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org |
|
HIGH |
CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20313: ImageMagick: Cipher leak when the calculating signatures in TransformSignature of MagickCore/signature.c
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.
Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.
Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org |
|
HIGH |
CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20313: ImageMagick: Cipher leak when the calculating signatures in TransformSignature of MagickCore/signature.c
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.
Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.
Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org |
|
HIGH |
CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20313: ImageMagick: Cipher leak when the calculating signatures in TransformSignature of MagickCore/signature.c
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org |
|
HIGH |
CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20313: ImageMagick: Cipher leak when the calculating signatures in TransformSignature of MagickCore/signature.c
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org |
|
HIGH |
CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2021-20309: ImageMagick: Division by zero in WaveImage() of MagickCore/visual-effects.c
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20312: ImageMagick: Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c
A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2021-20313: ImageMagick: Cipher leak when the calculating signatures in TransformSignature of MagickCore/signature.c
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-1114: ImageMagick: heap-use-after-free in RelinquishDCMInfo of dcm.c
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org |
|
HIGH |
CVE-2022-28463: ImageMagick: heap-buffer-overflow in PushLongPixel() of quantum-private.h
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com lists.debian.org ubuntu.com |
|
HIGH |
CVE-2022-32545: ImageMagick: outside the range of representable values of type 'unsigned char' at coders/psd.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32546: ImageMagick: outside the range of representable values of type 'unsigned long' at coders/pcl.c
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2022-32547: ImageMagick: load of misaligned address at MagickCore/property.c
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com github.com github.com |
|
HIGH |
CVE-2021-46669: mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com cve.mitre.org jira.mariadb.org lists.fedoraproject.org lists.fedoraproject.org mariadb.com nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27376: mariadb: assertion failure in Item_args::walk_arg
MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.
Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27377: mariadb: use-after-poison when complex conversion is involved in blob
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.
Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27378: mariadb: server crash in create_tmp_table::finalize
An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27379: mariadb: server crash in component arg_comparator::compare_real_fixed
An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27380: mariadb: server crash at my_decimal::operator=
An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27381: mariadb: server crash at Field::set_default via specially crafted SQL statements
An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Package Name: libmariadb-dev
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27382: mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order
MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27383: mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c
MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27384: mariadb: crash via component Item_subselect::init_expr_cache_tracker
An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27385: mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join
An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27386: mariadb: server crashes in query_arena::set_query_arena upon SELECT from view
MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27387: mariadb: assertion failures in decimal_bin_size
MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27444: mariadb: crash when using HAVING with NOT EXIST predicate in an equality
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27445: mariadb: assertion failure in compare_order_elements
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27446: mariadb: crash when using HAVING with IS NULL predicate in an equality
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27447: mariadb: use-after-poison in Binary_string::free_buffer
MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27448: mariadb: crash in multi-update and implicit grouping
There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27449: mariadb: assertion failure in sql/item_func.cc
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27451: mariadb: crash via window function in expression in ORDER BY
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27452: mariadb: assertion failure in sql/item_cmpfunc.cc
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27455: mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org security.netapp.com |
|
HIGH |
CVE-2022-27456: mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27457: mariadb: incorrect key in "dup value" error after long unique
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27458: mariadb: use-after-poison in Binary_string::free_buffer
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-32082: mariadb: assertion failure at table->get_ref_count() == 0 in dict0dict.cc
MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32083: mariadb: server crash at Item_subselect::init_expr_cache_tracker
MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32084: mariadb: segmentation fault via the component sub_select
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32085: mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32086: mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT
MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32087: mariadb: server crash in Item_args::walk_args
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32088: mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32089: mariadb: server crash in st_select_lex_unit::exclude_level
MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.
Package Name: libmariadb-dev Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2021-46669: mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com cve.mitre.org jira.mariadb.org lists.fedoraproject.org lists.fedoraproject.org mariadb.com nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27376: mariadb: assertion failure in Item_args::walk_arg
MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27377: mariadb: use-after-poison when complex conversion is involved in blob
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27378: mariadb: server crash in create_tmp_table::finalize
An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27379: mariadb: server crash in component arg_comparator::compare_real_fixed
An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27380: mariadb: server crash at my_decimal::operator=
An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27381: mariadb: server crash at Field::set_default via specially crafted SQL statements
An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27382: mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order
MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27383: mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c
MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27384: mariadb: crash via component Item_subselect::init_expr_cache_tracker
An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27385: mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join
An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27386: mariadb: server crashes in query_arena::set_query_arena upon SELECT from view
MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27387: mariadb: assertion failures in decimal_bin_size
MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27444: mariadb: crash when using HAVING with NOT EXIST predicate in an equality
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27445: mariadb: assertion failure in compare_order_elements
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27446: mariadb: crash when using HAVING with IS NULL predicate in an equality
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27447: mariadb: use-after-poison in Binary_string::free_buffer
MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27448: mariadb: crash in multi-update and implicit grouping
There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27449: mariadb: assertion failure in sql/item_func.cc
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27451: mariadb: crash via window function in expression in ORDER BY
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27452: mariadb: assertion failure in sql/item_cmpfunc.cc
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27455: mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org security.netapp.com |
|
HIGH |
CVE-2022-27456: mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27457: mariadb: incorrect key in "dup value" error after long unique
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27458: mariadb: use-after-poison in Binary_string::free_buffer
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-32082: mariadb: assertion failure at table->get_ref_count() == 0 in dict0dict.cc
MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32083: mariadb: server crash at Item_subselect::init_expr_cache_tracker
MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32084: mariadb: segmentation fault via the component sub_select
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32085: mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32086: mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT
MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32087: mariadb: server crash in Item_args::walk_args
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32088: mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32089: mariadb: server crash in st_select_lex_unit::exclude_level
MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.
Package Name: libmariadb-dev-compat Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2021-46669: mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com cve.mitre.org jira.mariadb.org lists.fedoraproject.org lists.fedoraproject.org mariadb.com nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27376: mariadb: assertion failure in Item_args::walk_arg
MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.
Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27377: mariadb: use-after-poison when complex conversion is involved in blob
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.
Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27378: mariadb: server crash in create_tmp_table::finalize
An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27379: mariadb: server crash in component arg_comparator::compare_real_fixed
An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27380: mariadb: server crash at my_decimal::operator=
An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27381: mariadb: server crash at Field::set_default via specially crafted SQL statements
An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27382: mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order
MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.
Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27383: mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c
MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.
Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27384: mariadb: crash via component Item_subselect::init_expr_cache_tracker
An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27385: mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join
An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27386: mariadb: server crashes in query_arena::set_query_arena upon SELECT from view
MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.
Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27387: mariadb: assertion failures in decimal_bin_size
MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.
Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27444: mariadb: crash when using HAVING with NOT EXIST predicate in an equality
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.
Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27445: mariadb: assertion failure in compare_order_elements
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.
Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27446: mariadb: crash when using HAVING with IS NULL predicate in an equality
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.
Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27447: mariadb: use-after-poison in Binary_string::free_buffer
MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.
Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27448: mariadb: crash in multi-update and implicit grouping
There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.
Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27449: mariadb: assertion failure in sql/item_func.cc
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27451: mariadb: crash via window function in expression in ORDER BY
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.
Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27452: mariadb: assertion failure in sql/item_cmpfunc.cc
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27455: mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.
Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version:
References: access.redhat.com jira.mariadb.org security.netapp.com |
|
HIGH |
CVE-2022-27456: mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc. MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component VDec::VDec at /sql/sql_type.cc. Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27457: mariadb: incorrect key in "dup value" error after long unique. MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27458: mariadb: use-after-poison in Binary_string::free_buffer. MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-32082: mariadb: assertion failure at table->get_ref_count() == 0 in dict0dict.cc. MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32083: mariadb: server crash at Item_subselect::init_expr_cache_tracker. MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32084: mariadb: segmentation fault via the component sub_select. MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32085: mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor. MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32086: mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT. MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32087: mariadb: server crash in Item_args::walk_args. MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32088: mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32089: mariadb: server crash in st_select_lex_unit::exclude_level. MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. Package Name: libmariadb3 Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-29458: ncurses: segfaulting OOB read. ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. Package Name: libncurses-dev Installed Version: 6.2+20201114-2 Fixed Version: References: access.redhat.com cve.mitre.org invisible-island.net lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com |
|
HIGH |
CVE-2022-29458: ncurses: segfaulting OOB read. ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. Package Name: libncurses5-dev Installed Version: 6.2+20201114-2 Fixed Version: References: access.redhat.com cve.mitre.org invisible-island.net lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com |
|
HIGH |
CVE-2022-29458: ncurses: segfaulting OOB read. ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. Package Name: libncurses6 Installed Version: 6.2+20201114-2 Fixed Version: References: access.redhat.com cve.mitre.org invisible-island.net lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com |
|
HIGH |
CVE-2022-29458: ncurses: segfaulting OOB read. ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. Package Name: libncursesw5-dev Installed Version: 6.2+20201114-2 Fixed Version: References: access.redhat.com cve.mitre.org invisible-island.net lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com |
|
HIGH |
CVE-2022-29458: ncurses: segfaulting OOB read. ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. Package Name: libncursesw6 Installed Version: 6.2+20201114-2 Fixed Version: References: access.redhat.com cve.mitre.org invisible-island.net lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com |
|
HIGH |
CVE-2021-3575: openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution. A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. Package Name: libopenjp2-7 Installed Version: 2.4.0-3 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org ubuntu.com |
|
HIGH |
CVE-2021-3575: openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution. A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. Package Name: libopenjp2-7-dev Installed Version: 2.4.0-3 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org ubuntu.com |
|
HIGH |
CVE-2020-16156: perl-CPAN: Bypass of verification of signatures in CHECKSUMS files. CPAN 2.28 allows Signature Verification Bypass. Package Name: libperl5.32 Installed Version: 5.32.1-4+deb11u2 Fixed Version: References: blogs.perl.org access.redhat.com blog.hackeriet.no cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org metacpan.org |
|
HIGH |
CVE-2021-3737: python: urllib: HTTP client possible infinite loop on a 100 Continue response. A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. Package Name: libpython3.9-minimal Installed Version: 3.9.2-1 Fixed Version: References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org errata.almalinux.org github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov python-security.readthedocs.io security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com |
|
HIGH |
CVE-2022-0391: python: urllib.parse does not sanitize URLs containing ASCII newline and tabs. A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. Package Name: libpython3.9-minimal Installed Version: 3.9.2-1 Fixed Version: References: access.redhat.com bugs.python.org cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com www.oracle.com |
|
HIGH |
CVE-2021-3737: python: urllib: HTTP client possible infinite loop on a 100 Continue response. A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. Package Name: libpython3.9-stdlib Installed Version: 3.9.2-1 Fixed Version: References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org errata.almalinux.org github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov python-security.readthedocs.io security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com |
|
HIGH |
CVE-2022-0391: python: urllib.parse does not sanitize URLs containing ASCII newline and tabs. A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. Package Name: libpython3.9-stdlib Installed Version: 3.9.2-1 Fixed Version: References: access.redhat.com bugs.python.org cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com www.oracle.com |
|
HIGH |
CVE-2022-1304: e2fsprogs: out-of-bounds read/write via crafted filesystem. An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. Package Name: libss2 Installed Version: 1.46.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org marc.info nvd.nist.gov ubuntu.com |
|
HIGH |
CVE-2022-2097: openssl: AES OCB fails to encrypt some bytes. AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). Package Name: libssl-dev Installed Version: 1.1.1n-0+deb11u3 Fixed Version: References: access.redhat.com crates.io cve.mitre.org git.openssl.org git.openssl.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov rustsec.org security.netapp.com ubuntu.com www.openssl.org |
|
HIGH |
CVE-2022-2097: openssl: AES OCB fails to encrypt some bytes. AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). Package Name: libssl1.1 Installed Version: 1.1.1n-0+deb11u3 Fixed Version: References: access.redhat.com crates.io cve.mitre.org git.openssl.org git.openssl.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov rustsec.org security.netapp.com ubuntu.com www.openssl.org |
|
HIGH |
CVE-2022-29458: ncurses: segfaulting OOB read. ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. Package Name: libtinfo6 Installed Version: 6.2+20201114-2 Fixed Version: References: access.redhat.com cve.mitre.org invisible-island.net lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com |
|
HIGH |
CVE-2013-7445: kernel: memory exhaustion via crafted Graphics Execution Manager (GEM) objects. The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com bugzilla.kernel.org cve.mitre.org lists.freedesktop.org |
|
HIGH |
CVE-2019-19378: kernel: out-of-bounds write in index_rbio_pages in fs/btrfs/raid56.c. In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com cve.mitre.org github.com security.netapp.com |
|
HIGH |
CVE-2019-19449: kernel: mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c. In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated). Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com cve.mitre.org github.com security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com |
|
HIGH |
CVE-2019-19814: kernel: out-of-bounds write in __remove_dirty_segment in fs/f2fs/segment.c. In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com cve.mitre.org github.com security.netapp.com |
|
HIGH |
CVE-2020-12362: kernel: Integer overflow in Intel(R) Graphics Drivers. Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com www.intel.com |
|
HIGH |
CVE-2021-3847: kernel: low-privileged user privileges escalation. An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.openwall.com |
|
HIGH |
CVE-2021-3864: kernel: descendant's dumpable setting with certain SUID binaries. A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com cve.mitre.org lore.kernel.org lore.kernel.org lore.kernel.org www.openwall.com |
|
HIGH |
CVE-2021-39686: kernel: race condition in the Android binder driver could lead to incorrect security checks. In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-200688826. References: Upstream kernel. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com android.googlesource.com android.googlesource.com android.googlesource.com android.googlesource.com cve.mitre.org source.android.com |
|
HIGH |
CVE-2021-4204: kernel: improper input validation may lead to privilege escalation. An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com cve.mitre.org git.launchpad.net ubuntu.com ubuntu.com ubuntu.com www.openwall.com |
|
HIGH |
CVE-2022-0500: kernel: Linux ebpf logic vulnerability leads to critical memory read and write gaining root privileges. A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org git.kernel.org git.kernel.org git.kernel.org git.kernel.org git.kernel.org git.kernel.org git.kernel.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-1247: kernel: A race condition bug in rose_connect(). No description is available for this CVE. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com |
|
HIGH |
CVE-2022-1679: kernel: Use-After-Free in ath9k_htc_probe_device() could cause an escalation of privileges. A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com cve.mitre.org git.kernel.org lore.kernel.org lore.kernel.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com |
|
HIGH |
CVE-2022-1882: kernel: Use-After-Free in free_pipe_info() could cause an escalation of privileges. A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com bugzilla.redhat.com lore.kernel.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-26365: Linux disk/nic frontends data leaks. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: www.openwall.com xenbits.xen.org lists.fedoraproject.org xenbits.xenproject.org |
|
HIGH |
CVE-2022-33740: Linux disk/nic frontends data leaks. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: www.openwall.com xenbits.xen.org lists.fedoraproject.org xenbits.xenproject.org |
|
HIGH |
CVE-2022-33741: Linux disk/nic frontends data leaks. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: www.openwall.com xenbits.xen.org lists.fedoraproject.org xenbits.xenproject.org |
|
HIGH |
CVE-2022-33742: Linux disk/nic frontends data leaks. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: www.openwall.com xenbits.xen.org lists.fedoraproject.org xenbits.xenproject.org |
|
HIGH |
CVE-2022-33743: network backend may cause Linux netfront to use freed SKBs. While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: www.openwall.com xenbits.xen.org nvd.nist.gov xenbits.xenproject.org |
|
HIGH |
CVE-2022-34918: kernel: heap overflow in nft_set_elem_init(). An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: www.openwall.com access.redhat.com git.kernel.org lore.kernel.org lore.kernel.org lore.kernel.org nvd.nist.gov www.openwall.com |
|
HIGH |
CVE-2022-1304: e2fsprogs: out-of-bounds read/write via crafted filesystem. An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. Package Name: logsave Installed Version: 1.46.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org marc.info nvd.nist.gov ubuntu.com |
|
HIGH |
CVE-2021-46669: mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. Package Name: mariadb-common Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com cve.mitre.org jira.mariadb.org lists.fedoraproject.org lists.fedoraproject.org mariadb.com nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27376: mariadb: assertion failure in Item_args::walk_arg. MariaDB Server v10.6.5 and below was discovered to contain a use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. Package Name: mariadb-common Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27377: mariadb: use-after-poison when complex conversion is involved in blob. MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. Package Name: mariadb-common Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27378: mariadb: server crash in create_tmp_table::finalize. An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Package Name: mariadb-common Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27379: mariadb: server crash in component arg_comparator::compare_real_fixed. An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Package Name: mariadb-common Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27380: mariadb: server crash at my_decimal::operator=. An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Package Name: mariadb-common Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27381: mariadb: server crash at Field::set_default via specially crafted SQL statements. An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Package Name: mariadb-common Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27382: mariadb: assertion failure via component Item_field::used_tables/update_depend_map_for_order. MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order. Package Name: mariadb-common Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27383: mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c. MariaDB Server v10.6 and below was discovered to contain a use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. Package Name: mariadb-common Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27384: mariadb: crash via component Item_subselect::init_expr_cache_tracker. An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Package Name: mariadb-common Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27385: mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join. An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. Package Name: mariadb-common Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27386: mariadb: server crashes in query_arena::set_query_arena upon SELECT from view. MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. Package Name: mariadb-common Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27387: mariadb: assertion failures in decimal_bin_size. MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. Package Name: mariadb-common Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27444: mariadb: crash when using HAVING with NOT EXIST predicate in an equality. MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. Package Name: mariadb-common Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27445: mariadb: assertion failure in compare_order_elements. MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. Package Name: mariadb-common Installed Version: 1:10.5.15-0+deb11u1 Fixed Version: References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27446: mariadb: crash when using HAVING with IS NULL predicate in an equality
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.
Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27447: mariadb: use-after-poison in Binary_string::free_buffer
MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.
Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27448: mariadb: crash in multi-update and implicit grouping
There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.
Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27449: mariadb: assertion failure in sql/item_func.cc
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27451: mariadb: crash via window function in expression in ORDER BY
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.
Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27452: mariadb: assertion failure in sql/item_cmpfunc.cc
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27455: mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING
MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.
Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org security.netapp.com |
|
HIGH |
CVE-2022-27456: mariadb: assertion failure in VDec::VDec at /sql/sql_type.cc
MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component VDec::VDec at /sql/sql_type.cc.
Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27457: mariadb: incorrect key in "dup value" error after long unique
MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.
Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-27458: mariadb: use-after-poison in Binary_string::free_buffer
MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.
Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org nvd.nist.gov security.netapp.com |
|
HIGH |
CVE-2022-32082: mariadb: assertion failure at table->get_ref_count() == 0 in dict0dict.cc
MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.
Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32083: mariadb: server crash at Item_subselect::init_expr_cache_tracker
MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.
Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32084: mariadb: segmentation fault via the component sub_select
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32085: mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.
Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32086: mariadb: server crash in Item_field::fix_outer_field for INSERT SELECT
MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.
Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32087: mariadb: server crash in Item_args::walk_args
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.
Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32088: mariadb: segmentation fault in Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.
Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-32089: mariadb: server crash in st_select_lex_unit::exclude_level
MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.
Package Name: mariadb-common
Installed Version: 1:10.5.15-0+deb11u1
Fixed Version:
References: access.redhat.com jira.mariadb.org |
|
HIGH |
CVE-2022-29458: ncurses: segfaulting OOB read
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
Package Name: ncurses-base
Installed Version: 6.2+20201114-2
Fixed Version:
References: access.redhat.com cve.mitre.org invisible-island.net lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com |
|
HIGH |
CVE-2022-29458: ncurses: segfaulting OOB read
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
Package Name: ncurses-bin
Installed Version: 6.2+20201114-2
Fixed Version:
References: access.redhat.com cve.mitre.org invisible-island.net lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com |
|
HIGH |
CVE-2021-41617: openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
Package Name: openssh-client
Installed Version: 1:8.4p1-5+deb11u1
Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.suse.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com www.openssh.com www.openssh.com www.openwall.com www.oracle.com |
|
HIGH |
CVE-2022-2097: openssl: AES OCB fails to encrypt some bytes
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).
Package Name: openssl
Installed Version: 1.1.1n-0+deb11u3
Fixed Version:
References: access.redhat.com crates.io cve.mitre.org git.openssl.org git.openssl.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov rustsec.org security.netapp.com ubuntu.com www.openssl.org |
|
HIGH |
CVE-2020-16156: perl-CPAN: Bypass of verification of signatures in CHECKSUMS files
CPAN 2.28 allows Signature Verification Bypass.
Package Name: perl
Installed Version: 5.32.1-4+deb11u2
Fixed Version:
References: blogs.perl.org access.redhat.com blog.hackeriet.no cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org metacpan.org |
|
HIGH |
CVE-2020-16156: perl-CPAN: Bypass of verification of signatures in CHECKSUMS files
CPAN 2.28 allows Signature Verification Bypass.
Package Name: perl-base
Installed Version: 5.32.1-4+deb11u2
Fixed Version:
References: blogs.perl.org access.redhat.com blog.hackeriet.no cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org metacpan.org |
|
HIGH |
CVE-2020-16156: perl-CPAN: Bypass of verification of signatures in CHECKSUMS files
CPAN 2.28 allows Signature Verification Bypass.
Package Name: perl-modules-5.32
Installed Version: 5.32.1-4+deb11u2
Fixed Version:
References: blogs.perl.org access.redhat.com blog.hackeriet.no cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org metacpan.org |
|
HIGH |
CVE-2021-3737: python: urllib: HTTP client possible infinite loop on a 100 Continue response
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
Package Name: python3.9
Installed Version: 3.9.2-1
Fixed Version:
References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org errata.almalinux.org github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov python-security.readthedocs.io security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com |
|
HIGH |
CVE-2022-0391: python: urllib.parse does not sanitize URLs containing ASCII newline and tabs
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
Package Name: python3.9
Installed Version: 3.9.2-1
Fixed Version:
References: access.redhat.com bugs.python.org cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com www.oracle.com |
|
HIGH |
CVE-2021-3737: python: urllib: HTTP client possible infinite loop on a 100 Continue response
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
Package Name: python3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:
References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org errata.almalinux.org github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov python-security.readthedocs.io security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com |
|
HIGH |
CVE-2022-0391: python: urllib.parse does not sanitize URLs containing ASCII newline and tabs
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
Package Name: python3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:
References: access.redhat.com bugs.python.org cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com www.oracle.com |
|
MEDIUM |
CVE-2021-22947: curl: Server responses received before STARTTLS processed after TLS handshake
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trusting the responses it got *before* the TLS handshake as if they were authenticated. Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.
Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: seclists.org access.redhat.com access.redhat.com access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com launchpad.net linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com support.apple.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com |
|
MEDIUM |
CVE-2022-27774: curl: credential leak on redirect
An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: when following HTTP(S) redirects is used with authentication, credentials could leak to other services that exist on different protocols or port numbers.
Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com |
|
MEDIUM |
CVE-2022-27776: curl: auth/cookie leak on redirect
An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com |
|
MEDIUM |
CVE-2022-32205: curl: Set-Cookie denial of service
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error. This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.
Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com |
|
MEDIUM |
CVE-2022-32206: curl: HTTP compression denial of service
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com |
|
MEDIUM |
CVE-2022-32208: curl: FTP-KRB bad message verification
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
Package Name: curl
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version:
References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com |
|
MEDIUM |
CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org |
|
MEDIUM |
CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-39212: ImageMagick: possible read or write in postscript files
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.
Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com |
|
MEDIUM |
CVE-2021-4219: imagemagick: remote DoS in MagicCore/draw.c via crafted SVG file
A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.
Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com |
|
MEDIUM |
CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h
No description is available for this CVE.
Package Name: imagemagick
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com |
|
MEDIUM |
CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org |
|
MEDIUM |
CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-39212: ImageMagick: possible read or write in postscript files
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.
Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com |
|
MEDIUM |
CVE-2021-4219: imagemagick: remote DoS in MagicCore/draw.c via crafted SVG file
A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.
Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com |
|
MEDIUM |
CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h
No description is available for this CVE.
Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com |
|
MEDIUM |
CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org |
|
MEDIUM |
CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-39212: ImageMagick: possible read or write in postscript files
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.
Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com |
|
MEDIUM |
CVE-2021-4219: imagemagick: remote DoS in MagicCore/draw.c via crafted SVG file
A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.
Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com |
|
MEDIUM |
CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h
No description is available for this CVE.
Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com |
|
MEDIUM |
CVE-2020-36130: AOM v2.0.1 was discovered to contain a NULL pointer dereference via th ...
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c.
Package Name: libaom0
Installed Version: 1.0.0.errata1-3
Fixed Version:
References: aomedia.googlesource.com bugs.chromium.org cve.mitre.org |
|
MEDIUM |
CVE-2020-36135: AOM v2.0.1 was discovered to contain a NULL pointer dereference via th ...
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.
Package Name: libaom0
Installed Version: 1.0.0.errata1-3
Fixed Version:
References: aomedia.googlesource.com bugs.chromium.org bugs.chromium.org cve.mitre.org |
|
MEDIUM |
CVE-2021-22947: curl: Server responses received before STARTTLS processed after TLS handshake. When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trusting the responses it got *before* the TLS handshake as if they were authenticated. This flaw allows a Man-In-The-Middle attacker to first inject the fake responses, then pass through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server. Package Name: libcurl3-gnutls Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: seclists.org access.redhat.com access.redhat.com access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com launchpad.net linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com support.apple.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com |
|
MEDIUM |
CVE-2022-27774: curl: credential leak on redirect. An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: following HTTP(S) redirects with authentication could leak credentials to other services that exist on different protocols or port numbers. Package Name: libcurl3-gnutls Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com |
|
MEDIUM |
CVE-2022-27776: curl: auth/cookie leak on redirect. An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. Package Name: libcurl3-gnutls Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com |
|
MEDIUM |
CVE-2022-32205: curl: Set-Cookie denial of service. A malicious server can serve excessive amounts of `Set-Cookie:` headers in an HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error. This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method. Package Name: libcurl3-gnutls Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com |
|
MEDIUM |
CVE-2022-32206: curl: HTTP compression denial of service. curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. Package Name: libcurl3-gnutls Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com |
|
MEDIUM |
CVE-2022-32208: curl: FTP-KRB bad message verification. When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. Package Name: libcurl3-gnutls Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com |
|
MEDIUM |
CVE-2021-22947: curl: Server responses received before STARTTLS processed after TLS handshake. When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trusting the responses it got *before* the TLS handshake as if they were authenticated. This flaw allows a Man-In-The-Middle attacker to first inject the fake responses, then pass through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server. Package Name: libcurl4 Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: seclists.org access.redhat.com access.redhat.com access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com launchpad.net linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com support.apple.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com |
|
MEDIUM |
CVE-2022-27774: curl: credential leak on redirect. An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: following HTTP(S) redirects with authentication could leak credentials to other services that exist on different protocols or port numbers. Package Name: libcurl4 Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com |
|
MEDIUM |
CVE-2022-27776: curl: auth/cookie leak on redirect. An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. Package Name: libcurl4 Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com |
|
MEDIUM |
CVE-2022-32205: curl: Set-Cookie denial of service. A malicious server can serve excessive amounts of `Set-Cookie:` headers in an HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error. This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method. Package Name: libcurl4 Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com |
|
MEDIUM |
CVE-2022-32206: curl: HTTP compression denial of service. curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. Package Name: libcurl4 Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com |
|
MEDIUM |
CVE-2022-32208: curl: FTP-KRB bad message verification. When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. Package Name: libcurl4 Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com |
|
MEDIUM |
CVE-2021-22947: curl: Server responses received before STARTTLS processed after TLS handshake. When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trusting the responses it got *before* the TLS handshake as if they were authenticated. This flaw allows a Man-In-The-Middle attacker to first inject the fake responses, then pass through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server. Package Name: libcurl4-openssl-dev Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: seclists.org access.redhat.com access.redhat.com access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com launchpad.net linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com support.apple.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com |
|
MEDIUM |
CVE-2022-27774: curl: credential leak on redirect. An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: following HTTP(S) redirects with authentication could leak credentials to other services that exist on different protocols or port numbers. Package Name: libcurl4-openssl-dev Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com |
|
MEDIUM |
CVE-2022-27776: curl: auth/cookie leak on redirect. An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. Package Name: libcurl4-openssl-dev Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com |
|
MEDIUM |
CVE-2022-32205: curl: Set-Cookie denial of service. A malicious server can serve excessive amounts of `Set-Cookie:` headers in an HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error. This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method. Package Name: libcurl4-openssl-dev Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com |
|
MEDIUM |
CVE-2022-32206: curl: HTTP compression denial of service. curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. Package Name: libcurl4-openssl-dev Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com |
|
MEDIUM |
CVE-2022-32208: curl: FTP-KRB bad message verification. When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. Package Name: libcurl4-openssl-dev Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: access.redhat.com curl.se cve.mitre.org hackerone.com lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com |
|
MEDIUM |
CVE-2020-21594: libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fal ... libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted file. Package Name: libde265-0 Installed Version: 1.0.8-1 Fixed Version: References: github.com |
|
MEDIUM |
CVE-2020-21595: libde265 v1.0.4 contains a heap buffer overflow in the mc_luma functio ... libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted file. Package Name: libde265-0 Installed Version: 1.0.8-1 Fixed Version: References: github.com |
|
MEDIUM |
CVE-2020-21596: libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_ ... libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted file. Package Name: libde265-0 Installed Version: 1.0.8-1 Fixed Version: References: github.com |
|
MEDIUM |
CVE-2020-21597: libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma funct ... libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted file. Package Name: libde265-0 Installed Version: 1.0.8-1 Fixed Version: References: github.com |
|
MEDIUM |
CVE-2020-21599: libde265 v1.0.4 contains a heap buffer overflow in the de265_image::av ... libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted file. Package Name: libde265-0 Installed Version: 1.0.8-1 Fixed Version: References: github.com |
|
MEDIUM |
CVE-2020-21600: libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pr ... libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted file. Package Name: libde265-0 Installed Version: 1.0.8-1 Fixed Version: References: cwe.mitre.org github.com |
|
MEDIUM |
CVE-2020-21601: libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallb ... libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted file. Package Name: libde265-0 Installed Version: 1.0.8-1 Fixed Version: References: github.com |
|
MEDIUM |
CVE-2020-21602: libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bi ... libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted file. Package Name: libde265-0 Installed Version: 1.0.8-1 Fixed Version: References: cwe.mitre.org github.com |
|
MEDIUM |
CVE-2020-21603: libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fa ... libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted file. Package Name: libde265-0 Installed Version: 1.0.8-1 Fixed Version: References: github.com |
|
MEDIUM |
CVE-2020-21604: libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl ... libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted file. Package Name: libde265-0 Installed Version: 1.0.8-1 Fixed Version: References: github.com |
|
MEDIUM |
CVE-2020-21605: libde265 v1.0.4 contains a segmentation fault in the apply_sao_interna ... libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted file. Package Name: libde265-0 Installed Version: 1.0.8-1 Fixed Version: References: github.com |
|
MEDIUM |
CVE-2020-21606: libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_ ... libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted file. Package Name: libde265-0 Installed Version: 1.0.8-1 Fixed Version: References: github.com |
|
MEDIUM |
CVE-2021-35452: An Incorrect Access Control vulnerability exists in libde265 v1.0.8 du ... An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc. Package Name: libde265-0 Installed Version: 1.0.8-1 Fixed Version: References: github.com |
|
MEDIUM |
CVE-2021-36408: An issue was discovered in libde265 v1.0.8. There is a Heap-use-after-f ... An issue was discovered in libde265 v1.0.8. There is a Heap-use-after-free in intrapred.h when decoding a file using dec265. Package Name: libde265-0 Installed Version: 1.0.8-1 Fixed Version: References: github.com |
|
MEDIUM |
CVE-2021-36410: A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion. ... A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265. Package Name: libde265-0 Installed Version: 1.0.8-1 Fixed Version: References: github.com |
|
MEDIUM |
CVE-2021-36411: An issue has been found in libde265 v1.0.8 due to incorrect access con ... An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service. Package Name: libde265-0 Installed Version: 1.0.8-1 Fixed Version: References: github.com |
|
MEDIUM |
CVE-2022-33068: harfbuzz: integer overflow in the component hb-ot-shape-fallback.cc. An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. Package Name: libharfbuzz0b Installed Version: 2.7.4-1 Fixed Version: References: access.redhat.com cve.mitre.org github.com github.com lists.fedoraproject.org |
|
MEDIUM |
CVE-2021-46822: libjpeg-turbo: heap buffer overflow in get_word_rgb_row() in rdppm.c. The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. Package Name: libjpeg-dev Installed Version: 1:2.0.6-4 Fixed Version: References: access.redhat.com cve.mitre.org exchange.xforce.ibmcloud.com github.com nvd.nist.gov |
|
MEDIUM |
CVE-2021-46822: libjpeg-turbo: heap buffer overflow in get_word_rgb_row() in rdppm.c. The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. Package Name: libjpeg62-turbo Installed Version: 1:2.0.6-4 Fixed Version: References: access.redhat.com cve.mitre.org exchange.xforce.ibmcloud.com github.com nvd.nist.gov |
|
MEDIUM |
CVE-2021-46822: libjpeg-turbo: heap buffer overflow in get_word_rgb_row() in rdppm.c. The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. Package Name: libjpeg62-turbo-dev Installed Version: 1:2.0.6-4 Fixed Version: References: access.redhat.com cve.mitre.org exchange.xforce.ibmcloud.com github.com nvd.nist.gov |
|
MEDIUM |
CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c. A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Package Name: libmagickcore-6-arch-config Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c. A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Package Name: libmagickcore-6-arch-config Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c. A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Package Name: libmagickcore-6-arch-config Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c. A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Package Name: libmagickcore-6-arch-config Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org |
|
MEDIUM |
CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c. A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Package Name: libmagickcore-6-arch-config Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-39212: ImageMagick: possible read or write in postscript files. ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written even when specifically excluded by a `module` policy in `policy.xml`, e.g. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />. Package Name: libmagickcore-6-arch-config Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com cve.mitre.org github.com github.com github.com |
|
MEDIUM |
CVE-2021-4219: imagemagick: remote DoS in MagicCore/draw.c via crafted SVG file. A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. Package Name: libmagickcore-6-arch-config Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com |
|
MEDIUM |
CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h. No description is available for this CVE. Package Name: libmagickcore-6-arch-config Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com |
|
MEDIUM |
CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c. A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Package Name: libmagickcore-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c. A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Package Name: libmagickcore-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c. A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Package Name: libmagickcore-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c. A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Package Name: libmagickcore-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org |
|
MEDIUM |
CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c. A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Package Name: libmagickcore-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-39212: ImageMagick: possible read or write in postscript files. ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written even when specifically excluded by a `module` policy in `policy.xml`, e.g. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />. Package Name: libmagickcore-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com cve.mitre.org github.com github.com github.com |
|
MEDIUM |
CVE-2021-4219: imagemagick: remote DoS in MagicCore/draw.c via crafted SVG file. A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system. Package Name: libmagickcore-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com |
|
MEDIUM |
CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h. No description is available for this CVE. Package Name: libmagickcore-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com |
|
MEDIUM |
CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c. A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Package Name: libmagickcore-6.q16-6 Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c. A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Package Name: libmagickcore-6.q16-6 Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c. A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. Package Name: libmagickcore-6.q16-6 Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org |
|
MEDIUM |
CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-39212: ImageMagick: possible read or write in postscript files
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.
Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com |
|
MEDIUM |
CVE-2021-4219: imagemagick: remote DoS in MagicCore/draw.c via crafted SVG file
A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.
Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com |
|
MEDIUM |
CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h
No description is available for this CVE.
Package Name: libmagickcore-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com |
|
MEDIUM |
CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org |
|
MEDIUM |
CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-39212: ImageMagick: possible read or write in postscript files
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.
Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com |
|
MEDIUM |
CVE-2021-4219: imagemagick: remote DoS in MagicCore/draw.c via crafted SVG file
A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.
Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com |
|
MEDIUM |
CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h
No description is available for this CVE.
Package Name: libmagickcore-6.q16-6-extra
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com |
|
MEDIUM |
CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org |
|
MEDIUM |
CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-39212: ImageMagick: possible read or write in postscript files
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.
Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com |
|
MEDIUM |
CVE-2021-4219: imagemagick: remote DoS in MagicCore/draw.c via crafted SVG file
A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.
Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com |
|
MEDIUM |
CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h
No description is available for this CVE.
Package Name: libmagickcore-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com |
|
MEDIUM |
CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org |
|
MEDIUM |
CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-39212: ImageMagick: possible read or write in postscript files
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.
Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com |
|
MEDIUM |
CVE-2021-4219: imagemagick: remote DoS in MagicCore/draw.c via crafted SVG file
A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.
Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com |
|
MEDIUM |
CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h
No description is available for this CVE.
Package Name: libmagickcore-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com |
|
MEDIUM |
CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org |
|
MEDIUM |
CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-39212: ImageMagick: possible read or write in postscript files
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.
Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com |
|
MEDIUM |
CVE-2021-4219: imagemagick: remote DoS in MagicCore/draw.c via crafted SVG file
A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.
Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com |
|
MEDIUM |
CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h
No description is available for this CVE.
Package Name: libmagickwand-6-headers
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com |
|
MEDIUM |
CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org |
|
MEDIUM |
CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-39212: ImageMagick: possible read or write in postscript files
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com |
|
MEDIUM |
CVE-2021-4219: imagemagick: remote DoS in MagicCore/draw.c via crafted SVG file
A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com |
|
MEDIUM |
CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h
No description is available for this CVE.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com |
|
MEDIUM |
CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org |
|
MEDIUM |
CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-39212: ImageMagick: possible read or write in postscript files
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com |
|
MEDIUM |
CVE-2021-4219: imagemagick: remote DoS in MagicCore/draw.c via crafted SVG file
A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com |
|
MEDIUM |
CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h
No description is available for this CVE.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com |
|
MEDIUM |
CVE-2021-20241: ImageMagick: Division by zero in WriteJP2Image() in coders/jp2.c
A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20243: ImageMagick: Division by zero in GetResizeFilterWeight in MagickCore/resize.c
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20244: ImageMagick: Division by zero in ImplodeImage in MagickCore/visual-effects.c
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-20245: ImageMagick: Division by zero in WriteAnimatedWEBPImage() in coders/webp.c
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org |
|
MEDIUM |
CVE-2021-20246: ImageMagick: Division by zero in ScaleResampleFilter in MagickCore/resample.c
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.debian.org ubuntu.com |
|
MEDIUM |
CVE-2021-39212: ImageMagick: possible read or write in postscript files
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com |
|
MEDIUM |
CVE-2021-4219: imagemagick: remote DoS in MagicCore/draw.c via crafted SVG file
A flaw was found in ImageMagick. The vulnerability occurs due to improper use of open functions and leads to a denial of service. This flaw allows an attacker to crash the system.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com |
|
MEDIUM |
CVE-2022-1115: ImageMagick: heap-buffer-overflow in PushShortPixel of quantum-private.h
No description is available for this CVE.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com |
|
MEDIUM |
CVE-2021-23215: OpenEXR: Integer-overflow in Imf_2_5::DwaCompressor::initializeBuffers
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
Package Name: libopenexr-dev
Installed Version: 2.5.4-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org lists.fedoraproject.org ubuntu.com ubuntu.com |
|
MEDIUM |
CVE-2021-26260: OpenEXR: Integer-overflow in Imf_2_5::DwaCompressor::initializeBuffers
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.
Package Name: libopenexr-dev
Installed Version: 2.5.4-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org lists.fedoraproject.org ubuntu.com ubuntu.com |
|
MEDIUM |
CVE-2021-3598: OpenEXR: Heap buffer overflow in Imf_3_1::CharPtrIO::readChars
There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
Package Name: libopenexr-dev
Installed Version: 2.5.4-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com ubuntu.com ubuntu.com |
|
MEDIUM |
CVE-2021-3605: OpenEXR: Heap buffer overflow in the rleUncompress function
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
Package Name: libopenexr-dev
Installed Version: 2.5.4-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com ubuntu.com ubuntu.com |
|
MEDIUM |
CVE-2021-3933: openexr: Integer-overflow in Imf_3_1::bytesPerDeepLineTable
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.
Package Name: libopenexr-dev
Installed Version: 2.5.4-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.fedoraproject.org ubuntu.com |
|
MEDIUM |
CVE-2021-3941: openexr: Divide-by-zero in Imf_3_1::RGBtoXYZ
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.
Package Name: libopenexr-dev
Installed Version: 2.5.4-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.fedoraproject.org ubuntu.com |
|
MEDIUM |
CVE-2021-45942: OpenEXR: heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.
Package Name: libopenexr-dev
Installed Version: 2.5.4-2
Fixed Version:
References: access.redhat.com bugs.chromium.org cve.mitre.org github.com github.com github.com github.com github.com github.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org |
|
MEDIUM |
CVE-2021-23215: OpenEXR: Integer-overflow in Imf_2_5::DwaCompressor::initializeBuffers
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
Package Name: libopenexr25
Installed Version: 2.5.4-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org lists.fedoraproject.org ubuntu.com ubuntu.com |
|
MEDIUM |
CVE-2021-26260: OpenEXR: Integer-overflow in Imf_2_5::DwaCompressor::initializeBuffers
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.
Package Name: libopenexr25
Installed Version: 2.5.4-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.debian.org lists.fedoraproject.org ubuntu.com ubuntu.com |
|
MEDIUM |
CVE-2021-3598: OpenEXR: Heap buffer overflow in Imf_3_1::CharPtrIO::readChars
There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
Package Name: libopenexr25
Installed Version: 2.5.4-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com ubuntu.com ubuntu.com |
|
MEDIUM |
CVE-2021-3605: OpenEXR: Heap buffer overflow in the rleUncompress function
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
Package Name: libopenexr25
Installed Version: 2.5.4-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com ubuntu.com ubuntu.com |
|
MEDIUM |
CVE-2021-3933: openexr: Integer-overflow in Imf_3_1::bytesPerDeepLineTable
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths.
Package Name: libopenexr25
Installed Version: 2.5.4-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org lists.fedoraproject.org ubuntu.com |
|
MEDIUM |
CVE-2021-3941: openexr: Divide-by-zero in Imf_3_1::RGBtoXYZ
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.
Package Name: libopenexr25
Installed Version: 2.5.4-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com lists.fedoraproject.org ubuntu.com |
|
MEDIUM |
CVE-2021-45942: OpenEXR: heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute
OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.
Package Name: libopenexr25
Installed Version: 2.5.4-2
Fixed Version:
References: access.redhat.com bugs.chromium.org cve.mitre.org github.com github.com github.com github.com github.com github.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org |
|
MEDIUM |
CVE-2021-29338: openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.
Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org |
|
MEDIUM |
CVE-2022-1122: openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:
References: access.redhat.com github.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org |
|
MEDIUM |
CVE-2021-29338: openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.
Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org |
|
MEDIUM |
CVE-2022-1122: openjpeg: segmentation fault in opj2_decompress due to uninitialized pointer
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:
References: access.redhat.com github.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org |
|
MEDIUM |
CVE-2021-3426: python: Information disclosure via pydoc
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.
Package Name: libpython3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com github.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org python-security.readthedocs.io security.gentoo.org security.netapp.com ubuntu.com www.oracle.com www.oracle.com |
|
MEDIUM |
CVE-2021-3733: python: urllib: Regular expression DoS in AbstractBasicAuthHandler
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
Package Name: libpython3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:
References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org docs.python.org docs.python.org docs.python.org docs.python.org errata.almalinux.org github.com github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com |
|
MEDIUM |
CVE-2021-4189: python: ftplib should not use the host from the PASV response
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.
Package Name: libpython3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:
References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org errata.almalinux.org github.com github.com github.com github.com linux.oracle.com linux.oracle.com ubuntu.com |
|
MEDIUM |
CVE-2021-3426: python: Information disclosure via pydoc
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.
Package Name: libpython3.9-stdlib
Installed Version: 3.9.2-1
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com github.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org python-security.readthedocs.io security.gentoo.org security.netapp.com ubuntu.com www.oracle.com www.oracle.com |
|
MEDIUM |
CVE-2021-3733: python: urllib: Regular expression DoS in AbstractBasicAuthHandler
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
Package Name: libpython3.9-stdlib
Installed Version: 3.9.2-1
Fixed Version:
References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org docs.python.org docs.python.org docs.python.org docs.python.org errata.almalinux.org github.com github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com |
|
MEDIUM |
CVE-2021-4189: python: ftplib should not use the host from the PASV response
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.
Package Name: libpython3.9-stdlib
Installed Version: 3.9.2-1
Fixed Version:
References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org errata.almalinux.org github.com github.com github.com github.com linux.oracle.com linux.oracle.com ubuntu.com |
|
MEDIUM |
CVE-2021-45346: sqlite: crafted SQL query allows a malicious user to obtain sensitive information
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information.
Package Name: libsqlite3-0
Installed Version: 3.34.1-3
Fixed Version:
References: access.redhat.com github.com security.netapp.com sqlite.org |
|
MEDIUM |
CVE-2021-45346: sqlite: crafted SQL query allows a malicious user to obtain sensitive information
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information.
Package Name: libsqlite3-dev
Installed Version: 3.34.1-3
Fixed Version:
References: access.redhat.com github.com security.netapp.com sqlite.org |
|
MEDIUM |
CVE-2022-1354: libtiff: heap-buffer-overflow in TIFFReadRawDataStriped() in tiffinfo.c
A heap buffer overflow flaw was found in Libtiff's tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.
Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: access.redhat.com cve.mitre.org gitlab.com |
|
MEDIUM |
CVE-2022-1355: libtiff: stack-buffer-overflow in tiffcp.c in main()
A stack buffer overflow flaw was found in Libtiff's tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.
Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: access.redhat.com |
|
MEDIUM |
CVE-2022-1622: libtiff: out-of-bounds read in LZWDecode
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com |
|
MEDIUM |
CVE-2022-1623: libtiff: out-of-bounds read in LZWDecode
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com |
|
MEDIUM |
CVE-2022-2056: LibTiff: DoS from Divide By Zero Error
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org nvd.nist.gov |
|
MEDIUM |
CVE-2022-2057: LibTiff: DoS from Divide By Zero Error
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org nvd.nist.gov |
|
MEDIUM |
CVE-2022-2058: LibTiff: DoS from Divide By Zero Error
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org nvd.nist.gov |
|
MEDIUM |
CVE-2022-1354: libtiff: heap-buffer-overflow in TIFFReadRawDataStriped() in tiffinfo.c
A heap buffer overflow flaw was found in Libtiff's tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.
Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: access.redhat.com cve.mitre.org gitlab.com |
|
MEDIUM |
CVE-2022-1355: libtiff: stack-buffer-overflow in tiffcp.c in main()
A stack buffer overflow flaw was found in Libtiff's tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.
Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: access.redhat.com |
|
MEDIUM |
CVE-2022-1622: libtiff: out-of-bounds read in LZWDecode
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com |
|
MEDIUM |
CVE-2022-1623: libtiff: out-of-bounds read in LZWDecode
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com |
|
MEDIUM |
CVE-2022-2056: LibTiff: DoS from Divide By Zero Error
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org nvd.nist.gov |
|
MEDIUM |
CVE-2022-2057: LibTiff: DoS from Divide By Zero Error
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org nvd.nist.gov |
|
MEDIUM |
CVE-2022-2058: LibTiff: DoS from Divide By Zero Error
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org nvd.nist.gov |
|
MEDIUM |
CVE-2022-1354: libtiff: heap-buffer-overflow in TIFFReadRawDataStriped() in tiffinfo.c
A heap buffer overflow flaw was found in Libtiff's tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.
Package Name: libtiffxx5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: access.redhat.com cve.mitre.org gitlab.com |
|
MEDIUM |
CVE-2022-1355: libtiff: stack-buffer-overflow in tiffcp.c in main()
A stack buffer overflow flaw was found in Libtiff's tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.
Package Name: libtiffxx5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: access.redhat.com |
|
MEDIUM |
CVE-2022-1622: libtiff: out-of-bounds read in LZWDecode
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
Package Name: libtiffxx5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com |
|
MEDIUM |
CVE-2022-1623: libtiff: out-of-bounds read in LZWDecode
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
Package Name: libtiffxx5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com |
|
MEDIUM |
CVE-2022-2056: LibTiff: DoS from Divide By Zero Error
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
Package Name: libtiffxx5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org nvd.nist.gov |
|
MEDIUM |
CVE-2022-2057: LibTiff: DoS from Divide By Zero Error
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
Package Name: libtiffxx5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org nvd.nist.gov |
|
MEDIUM |
CVE-2022-2058: LibTiff: DoS from Divide By Zero Error
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
Package Name: libtiffxx5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: access.redhat.com gitlab.com gitlab.com gitlab.com lists.fedoraproject.org nvd.nist.gov |
|
MEDIUM |
CVE-2019-15213: kernel: use-after-free caused by malicious USB device in drivers/media/usb/dvb-usb/dvb-usb-init.c
An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: lists.opensuse.org www.openwall.com access.redhat.com cdn.kernel.org cve.mitre.org git.kernel.org linux.oracle.com linux.oracle.com lore.kernel.org security.netapp.com syzkaller.appspot.com |
|
MEDIUM |
CVE-2019-15794: kernel: Overlayfs in the Linux kernel and shiftfs not restoring original value on error leading to a refcount underflow
Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file following after call_mmap() returns an error. However, the aufs patches change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: access.redhat.com cve.mitre.org git.launchpad.net git.launchpad.net ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com |
|
MEDIUM |
CVE-2019-16089: kernel: Improper return check in nbd_genl_status function in drivers/block/nbd.c
An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lore.kernel.org lore.kernel.org lore.kernel.org security.netapp.com support.f5.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com |
|
MEDIUM |
CVE-2019-20794: kernel: task processes not being properly ended could lead to resource exhaustion
An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace's pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: www.openwall.com access.redhat.com github.com nvd.nist.gov security.netapp.com sourceforge.net |
|
MEDIUM |
CVE-2020-12363: kernel: Improper input validation in some Intel(R) Graphics Drivers
Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com www.intel.com |
|
MEDIUM |
CVE-2020-12364: kernel: Null pointer dereference in some Intel(R) Graphics Drivers
Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com www.intel.com |
|
MEDIUM |
CVE-2020-14304: kernel: ethtool when reading eeprom of device could lead to memory leak
A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: access.redhat.com bugs.debian.org bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lore.kernel.org |
|
MEDIUM |
CVE-2020-15802: hardware: BLURtooth: "Dual mode" hardware using CTKD are vulnerable to key overwrite. Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com arxiv.org gizmodo.com hexhive.epfl.ch securityaffairs.co www.bluetooth.com www.kb.cert.org www.kb.cert.org |
|
MEDIUM |
CVE-2020-24504: kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers. Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com www.intel.com |
|
MEDIUM |
CVE-2020-26555: kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack. Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org kb.cert.org lists.fedoraproject.org ubuntu.com www.bluetooth.com www.bluetooth.com www.intel.com |
|
MEDIUM |
CVE-2020-36516: kernel: an off-path attacker may inject data or terminate a victim's TCP session. An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com dl.acm.org linux.oracle.com linux.oracle.com security.netapp.com www.spinics.net |
|
MEDIUM |
CVE-2021-33061: kernel: insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may lead to DoS. Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com cve.mitre.org security.netapp.com www.intel.com |
|
MEDIUM |
CVE-2021-3669: kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts. A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lore.kernel.org |
|
MEDIUM |
CVE-2021-3714: kernel: Remote Page Deduplication Attacks. A flaw was found in the Linux kernel's memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com arxiv.org arxiv.org |
|
MEDIUM |
CVE-2021-3759: kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks. A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lore.kernel.org ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com |
|
MEDIUM |
CVE-2021-4023: kernel: Improper IO-uring request cancellation operation allows local users to cause a crash. A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to possibly crash the system. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov |
|
MEDIUM |
CVE-2021-4037: kernel: security regression for CVE-2018-13405. A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com cve.mitre.org errata.almalinux.org git.kernel.org git.kernel.org linux.oracle.com linux.oracle.com |
|
MEDIUM |
CVE-2021-4149: kernel: Improper lock operation in btrfs. A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org git.kernel.org linux.oracle.com linux.oracle.com lists.debian.org lkml.org lkml.org nvd.nist.gov ubuntu.com |
|
MEDIUM |
CVE-2021-44879: kernel: NULL pointer dereference in folio_mark_dirty() via a crafted f2fs image. In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com bugzilla.kernel.org cdn.kernel.org cve.mitre.org git.kernel.org lkml.org lore.kernel.org nvd.nist.gov ubuntu.com ubuntu.com www.openwall.com |
|
MEDIUM |
CVE-2022-0171: kernel: KVM: cache incoherence issue in SEV API may lead to kernel crash. A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com cve.mitre.org git.kernel.org |
|
MEDIUM |
CVE-2022-0400: kernel: Out of bounds read in the smc protocol stack. No description is available for this CVE. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org |
|
MEDIUM |
CVE-2022-0480: kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion. A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org git.kernel.org github.com lore.kernel.org |
|
MEDIUM |
CVE-2022-1280: kernel: concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources. A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com bugzilla.redhat.com www.openwall.com |
|
MEDIUM |
CVE-2022-1462: kernel: possible race condition in drivers/tty/tty_buffers.c. An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com bugzilla.redhat.com seclists.org |
|
MEDIUM |
CVE-2022-2318: Kernel: A use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c. There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com github.com nvd.nist.gov |
|
MEDIUM |
CVE-2022-23816: CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions. A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com linux.oracle.com linux.oracle.com www.amd.com |
|
MEDIUM |
CVE-2022-23825: hw: cpu: AMD: Branch Type Confusion (non-retbleed). Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org www.amd.com www.debian.org |
|
MEDIUM |
CVE-2022-29900: CVE-2022-23816 CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions. AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: www.openwall.com www.openwall.com www.openwall.com www.openwall.com xenbits.xen.org access.redhat.com comsec.ethz.ch lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org www.amd.com www.debian.org |
|
MEDIUM |
CVE-2022-29901: hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions. Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: www.openwall.com www.openwall.com www.openwall.com www.openwall.com access.redhat.com comsec.ethz.ch linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org www.amd.com www.intel.com |
|
MEDIUM |
CVE-2022-33744: Arm guests can cause Dom0 DoS via PV devices When mapping pages of gue ... Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: www.openwall.com xenbits.xen.org nvd.nist.gov xenbits.xenproject.org |
|
MEDIUM |
CVE-2021-3426: python: Information disclosure via pydoc. There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. Package Name: python3.9 Installed Version: 3.9.2-1 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com github.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org python-security.readthedocs.io security.gentoo.org security.netapp.com ubuntu.com www.oracle.com www.oracle.com |
|
MEDIUM |
CVE-2021-3733: python: urllib: Regular expression DoS in AbstractBasicAuthHandler. There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. Package Name: python3.9 Installed Version: 3.9.2-1 Fixed Version: References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org docs.python.org docs.python.org docs.python.org docs.python.org errata.almalinux.org github.com github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com |
|
MEDIUM |
CVE-2021-4189: python: ftplib should not use the host from the PASV response. A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. Package Name: python3.9 Installed Version: 3.9.2-1 Fixed Version: References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org errata.almalinux.org github.com github.com github.com github.com linux.oracle.com linux.oracle.com ubuntu.com |
|
MEDIUM |
CVE-2021-3426: python: Information disclosure via pydoc. There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. Package Name: python3.9-minimal Installed Version: 3.9.2-1 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com github.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org python-security.readthedocs.io security.gentoo.org security.netapp.com ubuntu.com www.oracle.com www.oracle.com |
|
MEDIUM |
CVE-2021-3733: python: urllib: Regular expression DoS in AbstractBasicAuthHandler. There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. Package Name: python3.9-minimal Installed Version: 3.9.2-1 Fixed Version: References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org docs.python.org docs.python.org docs.python.org docs.python.org errata.almalinux.org github.com github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com |
|
MEDIUM |
CVE-2021-4189: python: ftplib should not use the host from the PASV response. A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. Package Name: python3.9-minimal Installed Version: 3.9.2-1 Fixed Version: References: access.redhat.com bugs.python.org bugzilla.redhat.com cve.mitre.org errata.almalinux.org github.com github.com github.com github.com linux.oracle.com linux.oracle.com ubuntu.com |
|
MEDIUM |
CVE-2022-0529: unzip: Heap out-of-bound writes and reads during conversion of wide string to local string. A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. Package Name: unzip Installed Version: 6.0-26 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com nvd.nist.gov |
|
MEDIUM |
CVE-2022-0530: unzip: SIGSEGV during the conversion of an utf-8 string to a local string. A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. Package Name: unzip Installed Version: 6.0-26 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com bugzilla.redhat.com cve.mitre.org github.com nvd.nist.gov support.apple.com support.apple.com support.apple.com |
|
MEDIUM |
CVE-2021-31879: wget: authorization header disclosure on redirect. GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. Package Name: wget Installed Version: 1.21-1+deb11u1 Fixed Version: References: access.redhat.com cve.mitre.org mail.gnu.org nvd.nist.gov savannah.gnu.org security.netapp.com |
|
LOW |
CVE-2011-3374: It was found that apt-key in apt, all versions, do not correctly valid ... It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack. Package Name: apt Installed Version: 2.2.4 Fixed Version: References: access.redhat.com bugs.debian.org people.canonical.com seclists.org security-tracker.debian.org snyk.io ubuntu.com |
|
LOW |
CVE-2017-13716: binutils: Memory leak with the C++ symbol demangler routine in libiberty. The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd). Package Name: binutils Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com cve.mitre.org sourceware.org |
|
LOW |
CVE-2018-12934: binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c. remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt. Package Name: binutils Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugs.launchpad.net cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2018-18483: binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service. The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt. Package Name: binutils Installed Version: 2.35.2-2 Fixed Version: References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2018-20623: binutils: Use-after-free in the error function. In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file. Package Name: binutils Installed Version: 2.35.2-2 Fixed Version: References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org sourceware.org support.f5.com ubuntu.com ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2018-20673: libiberty: Integer overflow in demangle_template() function. The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm. Package Name: binutils Installed Version: 2.35.2-2 Fixed Version: References: www.securityfocus.com access.redhat.com linux.oracle.com linux.oracle.com sourceware.org |
|
LOW |
CVE-2018-20712: libiberty: heap-based buffer over-read in d_expression_1. A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt. Package Name: binutils Installed Version: 2.35.2-2 Fixed Version: References: www.securityfocus.com access.redhat.com gcc.gnu.org sourceware.org support.f5.com |
|
LOW |
CVE-2018-9996: binutils: Stack-overflow in libiberty/cplus-dem.c causes crash. An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression. Package Name: binutils Installed Version: 2.35.2-2 Fixed Version: References: www.securityfocus.com access.redhat.com gcc.gnu.org |
|
LOW |
CVE-2019-1010204: binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service. GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened. Package Name: binutils Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.netapp.com sourceware.org support.f5.com ubuntu.com |
|
LOW |
CVE-2020-35448: binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c. An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. Package Name: binutils Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com linux.oracle.com linux.oracle.com security.gentoo.org security.netapp.com sourceware.org sourceware.org |
|
LOW |
CVE-2021-20197: binutils: Race window allows users to own arbitrary files. There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. Package Name: binutils Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com sourceware.org |
|
LOW |
CVE-2021-20284: binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c. A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. Package Name: binutils Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com security.netapp.com sourceware.org |
|
LOW |
CVE-2021-3487: binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section(). There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. Package Name: binutils Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com |
|
LOW |
CVE-2021-3530: binutils: stack memory exhaustion in demangle_path() in rust-demangle.c. A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash. Package Name: binutils Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org security.netapp.com src.fedoraproject.org |
|
LOW |
CVE-2021-3549: binutils: heap-based buffer overflow in avr_elf32_load_records_from_section() via large section parameter. An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. Package Name: binutils Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org |
|
LOW |
CVE-2021-45078: binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.c. stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. Package Name: binutils Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com sourceware.org sourceware.org ubuntu.com |
|
LOW |
CVE-2021-46195: gcc: uncontrolled recursion in libiberty/rust-demangle.c. GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. Package Name: binutils Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com gcc.gnu.org |
|
LOW |
CVE-2017-13716: binutils: Memory leak with the C++ symbol demangler routine in libiberty. The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd). Package Name: binutils-common Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com cve.mitre.org sourceware.org |
|
LOW |
CVE-2018-12934: binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c. remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt. Package Name: binutils-common Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugs.launchpad.net cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2018-18483: binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service. The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt. Package Name: binutils-common Installed Version: 2.35.2-2 Fixed Version: References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2018-20623: binutils: Use-after-free in the error function. In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file. Package Name: binutils-common Installed Version: 2.35.2-2 Fixed Version: References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org sourceware.org support.f5.com ubuntu.com ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2018-20673: libiberty: Integer overflow in demangle_template() functionThe demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.Package Name: binutils-common Installed Version: 2.35.2-2 Fixed Version: References: www.securityfocus.com access.redhat.com linux.oracle.com linux.oracle.com sourceware.org |
|
LOW |
CVE-2018-20712: libiberty: heap-based buffer over-read in d_expression_1A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.Package Name: binutils-common Installed Version: 2.35.2-2 Fixed Version: References: www.securityfocus.com access.redhat.com gcc.gnu.org sourceware.org support.f5.com |
|
LOW |
CVE-2018-9996: binutils: Stack-overflow in libiberty/cplus-dem.c causes crashAn issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.Package Name: binutils-common Installed Version: 2.35.2-2 Fixed Version: References: www.securityfocus.com access.redhat.com gcc.gnu.org |
|
LOW |
CVE-2019-1010204: binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of serviceGNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.Package Name: binutils-common Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.netapp.com sourceware.org support.f5.com ubuntu.com |
|
LOW |
CVE-2020-35448: binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.cAn issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.Package Name: binutils-common Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com linux.oracle.com linux.oracle.com security.gentoo.org security.netapp.com sourceware.org sourceware.org |
|
LOW |
CVE-2021-20197: binutils: Race window allows users to own arbitrary files There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. Package Name: binutils-common Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com sourceware.org |
|
LOW |
CVE-2021-20284: binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.cA flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.Package Name: binutils-common Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com security.netapp.com sourceware.org |
|
LOW |
CVE-2021-3487: binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.Package Name: binutils-common Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com |
|
LOW |
CVE-2021-3530: binutils: stack memory exhaustion in demangle_path() in rust-demangle.cA flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.Package Name: binutils-common Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org security.netapp.com src.fedoraproject.org |
|
LOW |
CVE-2021-3549: binutils: heap-based buffer overflow in avr_elf32_load_records_from_section() via large section parameterAn out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.Package Name: binutils-common Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org |
|
LOW |
CVE-2021-45078: binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.cstab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.Package Name: binutils-common Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com sourceware.org sourceware.org ubuntu.com |
|
LOW |
CVE-2021-46195: gcc: uncontrolled recursion in libiberty/rust-demangle.cGCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.Package Name: binutils-common Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com gcc.gnu.org |
|
LOW |
CVE-2017-13716: binutils: Memory leak with the C++ symbol demangler routine in libibertyThe C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).Package Name: binutils-x86-64-linux-gnu Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com cve.mitre.org sourceware.org |
|
LOW |
CVE-2018-12934: binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.cremember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.Package Name: binutils-x86-64-linux-gnu Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugs.launchpad.net cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2018-18483: binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of serviceThe get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.Package Name: binutils-x86-64-linux-gnu Installed Version: 2.35.2-2 Fixed Version: References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2018-20623: binutils: Use-after-free in the error functionIn GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.Package Name: binutils-x86-64-linux-gnu Installed Version: 2.35.2-2 Fixed Version: References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org sourceware.org support.f5.com ubuntu.com ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2018-20673: libiberty: Integer overflow in demangle_template() functionThe demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.Package Name: binutils-x86-64-linux-gnu Installed Version: 2.35.2-2 Fixed Version: References: www.securityfocus.com access.redhat.com linux.oracle.com linux.oracle.com sourceware.org |
|
LOW |
CVE-2018-20712: libiberty: heap-based buffer over-read in d_expression_1A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.Package Name: binutils-x86-64-linux-gnu Installed Version: 2.35.2-2 Fixed Version: References: www.securityfocus.com access.redhat.com gcc.gnu.org sourceware.org support.f5.com |
|
LOW |
CVE-2018-9996: binutils: Stack-overflow in libiberty/cplus-dem.c causes crashAn issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.Package Name: binutils-x86-64-linux-gnu Installed Version: 2.35.2-2 Fixed Version: References: www.securityfocus.com access.redhat.com gcc.gnu.org |
|
LOW |
CVE-2019-1010204: binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of serviceGNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.Package Name: binutils-x86-64-linux-gnu Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.netapp.com sourceware.org support.f5.com ubuntu.com |
|
LOW |
CVE-2020-35448: binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.cAn issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.Package Name: binutils-x86-64-linux-gnu Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com linux.oracle.com linux.oracle.com security.gentoo.org security.netapp.com sourceware.org sourceware.org |
|
LOW |
CVE-2021-20197: binutils: Race window allows users to own arbitrary files There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. Package Name: binutils-x86-64-linux-gnu Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com sourceware.org |
|
LOW |
CVE-2021-20284: binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.cA flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.Package Name: binutils-x86-64-linux-gnu Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com security.netapp.com sourceware.org |
|
LOW |
CVE-2021-3487: binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.Package Name: binutils-x86-64-linux-gnu Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com |
|
LOW |
CVE-2021-3530: binutils: stack memory exhaustion in demangle_path() in rust-demangle.cA flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.Package Name: binutils-x86-64-linux-gnu Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org security.netapp.com src.fedoraproject.org |
|
LOW |
CVE-2021-3549: binutils: heap-based buffer overflow in avr_elf32_load_records_from_section() via large section parameterAn out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.Package Name: binutils-x86-64-linux-gnu Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org |
|
LOW |
CVE-2021-45078: binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.cstab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.Package Name: binutils-x86-64-linux-gnu Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com sourceware.org sourceware.org ubuntu.com |
|
LOW |
CVE-2021-46195: gcc: uncontrolled recursion in libiberty/rust-demangle.cGCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.Package Name: binutils-x86-64-linux-gnu Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com gcc.gnu.org |
|
LOW |
CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadlineA flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.Package Name: bsdutils Installed Version: 2.36.1-8+deb11u1 Fixed Version: References: access.redhat.com lore.kernel.org nvd.nist.gov security.netapp.com |
|
LOW |
CVE-2016-2781: coreutils: Non-privileged session can escape to the parent session in chrootchroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.Package Name: coreutils Installed Version: 8.32-4 Fixed Version: References: seclists.org www.openwall.com www.openwall.com access.redhat.com cve.mitre.org lists.apache.org lore.kernel.org nvd.nist.gov |
|
LOW |
CVE-2017-18018: coreutils: race condition vulnerability in chown and chgrpIn GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.Package Name: coreutils Installed Version: 8.32-4 Fixed Version: References: lists.gnu.org access.redhat.com |
|
LOW |
CVE-2021-22898: curl: TELNET stack contents disclosurecurl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.Package Name: curl Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: www.openwall.com access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org errata.almalinux.org github.com hackerone.com linux.oracle.com linux.oracle.com lists.apache.org lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com |
|
LOW |
CVE-2021-22922: curl: Content not matching hash in Metalink is not being discarded When curl is instructed to download content using the metalink feature, the contents is verified against a hash provided in the metalink XML file. The metalink XML file points out to the client how to get the same content from a set of different URLs, potentially hosted by different servers and the client can then download the file from one or several of them. In a serial or parallel manner. If one of the servers hosting the contents has been breached and the contents of the specific file on that server is replaced with a modified payload, curl should detect this when the hash of the file mismatches after a completed download. It should remove the contents and instead try getting the contents from another URL. This is not done, and instead such a hash mismatch is only mentioned in text and the potentially malicious content is kept in the file on disk. Package Name: curl Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: access.redhat.com cert-portal.siemens.com curl.se hackerone.com linux.oracle.com linux.oracle.com lists.apache.org lists.apache.org lists.apache.org lists.apache.org lists.fedoraproject.org nvd.nist.gov security.netapp.com www.oracle.com |
|
LOW |
CVE-2021-22923: curl: Metalink download sends credentialsWhen curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.Package Name: curl Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: access.redhat.com cert-portal.siemens.com curl.se hackerone.com linux.oracle.com linux.oracle.com lists.fedoraproject.org nvd.nist.gov security.netapp.com www.oracle.com |
|
LOW |
CVE-2021-22924: curl: Bad connection reuse due to flawed path name checks libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate. Package Name: curl Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: access.redhat.com cert-portal.siemens.com cert-portal.siemens.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com lists.apache.org lists.apache.org lists.apache.org lists.apache.org lists.debian.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com www.oracle.com www.oracle.com |
|
LOW |
CVE-2018-1000021: git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commandsGIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).Package Name: git Installed Version: 1:2.30.2-1 Fixed Version: References: www.batterystapl.es access.redhat.com cve.mitre.org |
|
LOW |
CVE-2022-24975: git: The --mirror option for git leaks secret for deleted content, aka the "GitBleed"The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option.Package Name: git Installed Version: 1:2.30.2-1 Fixed Version: References: access.redhat.com github.com wwws.nightwatchcybersecurity.com |
|
LOW |
CVE-2018-1000021: git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commandsGIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).Package Name: git-man Installed Version: 1:2.30.2-1 Fixed Version: References: www.batterystapl.es access.redhat.com cve.mitre.org |
|
LOW |
CVE-2022-24975: git: The --mirror option for git leaks secret for deleted content, aka the "GitBleed"The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option.Package Name: git-man Installed Version: 1:2.30.2-1 Fixed Version: References: access.redhat.com github.com wwws.nightwatchcybersecurity.com |
|
LOW |
CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.Package Name: imagemagick Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: seclists.org www.redteam-pentesting.de |
|
LOW |
CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issuesMultiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.Package Name: imagemagick Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com |
|
LOW |
CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochromeThe IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."Package Name: imagemagick Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com |
|
LOW |
CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage functionThe WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.Package Name: imagemagick Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com github.com |
|
LOW |
CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo callThe WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.Package Name: imagemagick Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com github.com |
|
LOW |
CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.Package Name: imagemagick Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com |
|
LOW |
CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input fileIn ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.Package Name: imagemagick Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.cA flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.Package Name: imagemagick Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com |
|
LOW |
CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.Package Name: imagemagick-6-common Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: seclists.org www.redteam-pentesting.de |
|
LOW |
CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issuesMultiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.Package Name: imagemagick-6-common Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com |
|
LOW |
CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochromeThe IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."Package Name: imagemagick-6-common Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com |
|
LOW |
CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage functionThe WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.Package Name: imagemagick-6-common Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com github.com |
|
LOW |
CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo callThe WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.Package Name: imagemagick-6-common Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com github.com |
|
LOW |
CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.Package Name: imagemagick-6-common Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com |
|
LOW |
CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file
In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick-6-common
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com |
|
LOW |
CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...
A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.
Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: seclists.org www.redteam-pentesting.de |
|
LOW |
CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues
Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.
Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com |
|
LOW |
CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome
The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."
Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com |
|
LOW |
CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.
Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com github.com |
|
LOW |
CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.
Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com github.com |
|
LOW |
CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.
Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com |
|
LOW |
CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file
In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: imagemagick-6.q16
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com |
|
LOW |
CVE-2004-0971: security flaw
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Package Name: krb5-multidev
Installed Version: 1.18.3-6+deb11u1
Fixed Version:
References: bugzilla.redhat.com www.gentoo.org www.redhat.com www.securityfocus.com www.trustix.org access.redhat.com exchange.xforce.ibmcloud.com lists.apache.org oval.cisecurity.org |
|
LOW |
CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
Package Name: krb5-multidev
Installed Version: 1.18.3-6+deb11u1
Fixed Version:
References: access.redhat.com github.com lists.apache.org |
|
LOW |
CVE-2011-3374: It was found that apt-key in apt, all versions, do not correctly valid ...
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
Package Name: libapt-pkg6.0
Installed Version: 2.2.4
Fixed Version:
References: access.redhat.com bugs.debian.org people.canonical.com seclists.org security-tracker.debian.org snyk.io ubuntu.com |
|
LOW |
CVE-2017-13716: binutils: Memory leak with the C++ symbol demangler routine in libiberty
The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:
References: access.redhat.com cve.mitre.org sourceware.org |
|
LOW |
CVE-2018-12934: binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c
remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.
Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:
References: access.redhat.com bugs.launchpad.net cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2018-18483: binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service
The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.
Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:
References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2018-20623: binutils: Use-after-free in the error function
In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.
Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:
References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org sourceware.org support.f5.com ubuntu.com ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2018-20673: libiberty: Integer overflow in demangle_template() function
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.
Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:
References: www.securityfocus.com access.redhat.com linux.oracle.com linux.oracle.com sourceware.org |
|
LOW |
CVE-2018-20712: libiberty: heap-based buffer over-read in d_expression_1
A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.
Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:
References: www.securityfocus.com access.redhat.com gcc.gnu.org sourceware.org support.f5.com |
|
LOW |
CVE-2018-9996: binutils: Stack-overflow in libiberty/cplus-dem.c causes crash
An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.
Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:
References: www.securityfocus.com access.redhat.com gcc.gnu.org |
|
LOW |
CVE-2019-1010204: binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service
GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.
Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:
References: access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.netapp.com sourceware.org support.f5.com ubuntu.com |
|
LOW |
CVE-2020-35448: binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.
Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:
References: access.redhat.com linux.oracle.com linux.oracle.com security.gentoo.org security.netapp.com sourceware.org sourceware.org |
|
LOW |
CVE-2021-20197: binutils: Race window allows users to own arbitrary files
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com sourceware.org |
|
LOW |
CVE-2021-20284: binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c
A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.
Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com security.netapp.com sourceware.org |
|
LOW |
CVE-2021-3487: binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()
There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.
Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com |
|
LOW |
CVE-2021-3530: binutils: stack memory exhaustion in demangle_path() in rust-demangle.c
A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.
Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org security.netapp.com src.fedoraproject.org |
|
LOW |
CVE-2021-3549: binutils: heap-based buffer overflow in avr_elf32_load_records_from_section() via large section parameter
An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.
Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org |
|
LOW |
CVE-2021-45078: binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.c
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.
Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:
References: access.redhat.com cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com sourceware.org sourceware.org ubuntu.com |
|
LOW |
CVE-2021-46195: gcc: uncontrolled recursion in libiberty/rust-demangle.c
GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.
Package Name: libbinutils
Installed Version: 2.35.2-2
Fixed Version:
References: access.redhat.com gcc.gnu.org |
|
LOW |
CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
Package Name: libblkid-dev
Installed Version: 2.36.1-8+deb11u1
Fixed Version:
References: access.redhat.com lore.kernel.org nvd.nist.gov security.netapp.com |
|
LOW |
CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
Package Name: libblkid1
Installed Version: 2.36.1-8+deb11u1
Fixed Version:
References: access.redhat.com lore.kernel.org nvd.nist.gov security.netapp.com |
|
LOW |
CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
Package Name: libc-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: cxib.net securityreason.com securityreason.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com nvd.nist.gov |
|
LOW |
CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
Package Name: libc-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: www.securityfocus.com access.redhat.com debbugs.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.f5.com |
|
LOW |
CVE-2019-1010022: glibc: stack guard protection bypass
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: libc-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: access.redhat.com security-tracker.debian.org sourceware.org sourceware.org ubuntu.com |
|
LOW |
CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation
** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: libc-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: www.securityfocus.com access.redhat.com security-tracker.debian.org sourceware.org support.f5.com ubuntu.com |
|
LOW |
CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: libc-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: www.securityfocus.com access.redhat.com security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com |
|
LOW |
CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."
Package Name: libc-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: access.redhat.com security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com |
|
LOW |
CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c
** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.
Package Name: libc-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: access.redhat.com nvd.nist.gov sourceware.org support.f5.com |
|
LOW |
CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
Package Name: libc-dev-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: cxib.net securityreason.com securityreason.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com nvd.nist.gov |
|
LOW |
CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
Package Name: libc-dev-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: www.securityfocus.com access.redhat.com debbugs.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.f5.com |
|
LOW |
CVE-2019-1010022: glibc: stack guard protection bypass
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: libc-dev-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: access.redhat.com security-tracker.debian.org sourceware.org sourceware.org ubuntu.com |
|
LOW |
CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation
** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: libc-dev-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: www.securityfocus.com access.redhat.com security-tracker.debian.org sourceware.org support.f5.com ubuntu.com |
|
LOW |
CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: libc-dev-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: www.securityfocus.com access.redhat.com security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com |
|
LOW |
CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."
Package Name: libc-dev-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: access.redhat.com security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com |
|
LOW |
CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c
** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.
Package Name: libc-dev-bin
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: access.redhat.com nvd.nist.gov sourceware.org support.f5.com |
|
LOW |
CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
Package Name: libc6
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: cxib.net securityreason.com securityreason.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com nvd.nist.gov |
|
LOW |
CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
Package Name: libc6
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: www.securityfocus.com access.redhat.com debbugs.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.f5.com |
|
LOW |
CVE-2019-1010022: glibc: stack guard protection bypass
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: libc6
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: access.redhat.com security-tracker.debian.org sourceware.org sourceware.org ubuntu.com |
|
LOW |
CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation
** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: libc6
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: www.securityfocus.com access.redhat.com security-tracker.debian.org sourceware.org support.f5.com ubuntu.com |
|
LOW |
CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: libc6
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: www.securityfocus.com access.redhat.com security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com |
|
LOW |
CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."
Package Name: libc6
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: access.redhat.com security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com |
|
LOW |
CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c
** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.
Package Name: libc6
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: access.redhat.com nvd.nist.gov sourceware.org support.f5.com |
|
LOW |
CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
Package Name: libc6-dev
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: cxib.net securityreason.com securityreason.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com nvd.nist.gov |
|
LOW |
CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
Package Name: libc6-dev
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: www.securityfocus.com access.redhat.com debbugs.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.f5.com |
|
LOW |
CVE-2019-1010022: glibc: stack guard protection bypass
** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: libc6-dev
Installed Version: 2.31-13+deb11u3
Fixed Version:
References: access.redhat.com security-tracker.debian.org sourceware.org sourceware.org ubuntu.com |
|
LOW |
CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation. ** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat." Package Name: libc6-dev Installed Version: 2.31-13+deb11u3 Fixed Version: References: www.securityfocus.com access.redhat.com security-tracker.debian.org sourceware.org support.f5.com ubuntu.com |
|
LOW |
CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap. ** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat." Package Name: libc6-dev Installed Version: 2.31-13+deb11u3 Fixed Version: References: www.securityfocus.com access.redhat.com security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com |
|
LOW |
CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread. ** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability." Package Name: libc6-dev Installed Version: 2.31-13+deb11u3 Fixed Version: References: access.redhat.com security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com |
|
LOW |
CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c. ** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern. Package Name: libc6-dev Installed Version: 2.31-13+deb11u3 Fixed Version: References: access.redhat.com nvd.nist.gov sourceware.org support.f5.com |
|
LOW |
CVE-2017-7475: cairo: NULL pointer dereference with a crafted font file. Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. Package Name: libcairo-gobject2 Installed Version: 1.16.0-5 Fixed Version: References: seclists.org access.redhat.com bugs.freedesktop.org bugzilla.redhat.com cve.mitre.org github.com lists.apache.org nvd.nist.gov |
|
LOW |
CVE-2018-18064: cairo: Stack-based buffer overflow via parsing of crafted WebKitGTK+ document. cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function). Package Name: libcairo-gobject2 Installed Version: 1.16.0-5 Fixed Version: References: access.redhat.com cve.mitre.org gitlab.freedesktop.org lists.apache.org |
|
LOW |
CVE-2019-6461: cairo: assertion problem in _cairo_arc_in_direction in cairo-arc.c. An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c. Package Name: libcairo-gobject2 Installed Version: 1.16.0-5 Fixed Version: References: access.redhat.com cve.mitre.org github.com gitlab.freedesktop.org lists.apache.org nvd.nist.gov |
|
LOW |
CVE-2019-6462: cairo: infinite loop in the function _arc_error_normalized in the file cairo-arc.c. An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized. Package Name: libcairo-gobject2 Installed Version: 1.16.0-5 Fixed Version: References: access.redhat.com cve.mitre.org github.com gitlab.freedesktop.org lists.apache.org nvd.nist.gov ubuntu.com |
|
LOW |
CVE-2017-7475: cairo: NULL pointer dereference with a crafted font file. Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. Package Name: libcairo-script-interpreter2 Installed Version: 1.16.0-5 Fixed Version: References: seclists.org access.redhat.com bugs.freedesktop.org bugzilla.redhat.com cve.mitre.org github.com lists.apache.org nvd.nist.gov |
|
LOW |
CVE-2018-18064: cairo: Stack-based buffer overflow via parsing of crafted WebKitGTK+ document. cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function). Package Name: libcairo-script-interpreter2 Installed Version: 1.16.0-5 Fixed Version: References: access.redhat.com cve.mitre.org gitlab.freedesktop.org lists.apache.org |
|
LOW |
CVE-2019-6461: cairo: assertion problem in _cairo_arc_in_direction in cairo-arc.c. An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c. Package Name: libcairo-script-interpreter2 Installed Version: 1.16.0-5 Fixed Version: References: access.redhat.com cve.mitre.org github.com gitlab.freedesktop.org lists.apache.org nvd.nist.gov |
|
LOW |
CVE-2019-6462: cairo: infinite loop in the function _arc_error_normalized in the file cairo-arc.c. An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized. Package Name: libcairo-script-interpreter2 Installed Version: 1.16.0-5 Fixed Version: References: access.redhat.com cve.mitre.org github.com gitlab.freedesktop.org lists.apache.org nvd.nist.gov ubuntu.com |
|
LOW |
CVE-2017-7475: cairo: NULL pointer dereference with a crafted font file. Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. Package Name: libcairo2 Installed Version: 1.16.0-5 Fixed Version: References: seclists.org access.redhat.com bugs.freedesktop.org bugzilla.redhat.com cve.mitre.org github.com lists.apache.org nvd.nist.gov |
|
LOW |
CVE-2018-18064: cairo: Stack-based buffer overflow via parsing of crafted WebKitGTK+ document. cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function). Package Name: libcairo2 Installed Version: 1.16.0-5 Fixed Version: References: access.redhat.com cve.mitre.org gitlab.freedesktop.org lists.apache.org |
|
LOW |
CVE-2019-6461: cairo: assertion problem in _cairo_arc_in_direction in cairo-arc.c. An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c. Package Name: libcairo2 Installed Version: 1.16.0-5 Fixed Version: References: access.redhat.com cve.mitre.org github.com gitlab.freedesktop.org lists.apache.org nvd.nist.gov |
|
LOW |
CVE-2019-6462: cairo: infinite loop in the function _arc_error_normalized in the file cairo-arc.c. An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized. Package Name: libcairo2 Installed Version: 1.16.0-5 Fixed Version: References: access.redhat.com cve.mitre.org github.com gitlab.freedesktop.org lists.apache.org nvd.nist.gov ubuntu.com |
|
LOW |
CVE-2017-7475: cairo: NULL pointer dereference with a crafted font file. Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. Package Name: libcairo2-dev Installed Version: 1.16.0-5 Fixed Version: References: seclists.org access.redhat.com bugs.freedesktop.org bugzilla.redhat.com cve.mitre.org github.com lists.apache.org nvd.nist.gov |
|
LOW |
CVE-2018-18064: cairo: Stack-based buffer overflow via parsing of crafted WebKitGTK+ document. cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function). Package Name: libcairo2-dev Installed Version: 1.16.0-5 Fixed Version: References: access.redhat.com cve.mitre.org gitlab.freedesktop.org lists.apache.org |
|
LOW |
CVE-2019-6461: cairo: assertion problem in _cairo_arc_in_direction in cairo-arc.c. An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c. Package Name: libcairo2-dev Installed Version: 1.16.0-5 Fixed Version: References: access.redhat.com cve.mitre.org github.com gitlab.freedesktop.org lists.apache.org nvd.nist.gov |
|
LOW |
CVE-2019-6462: cairo: infinite loop in the function _arc_error_normalized in the file cairo-arc.c. An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized. Package Name: libcairo2-dev Installed Version: 1.16.0-5 Fixed Version: References: access.redhat.com cve.mitre.org github.com gitlab.freedesktop.org lists.apache.org nvd.nist.gov ubuntu.com |
|
LOW |
CVE-2017-13716: binutils: Memory leak with the C++ symbol demangler routine in libiberty. The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd). Package Name: libctf-nobfd0 Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com cve.mitre.org sourceware.org |
|
LOW |
CVE-2018-12934: binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c. remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt. Package Name: libctf-nobfd0 Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugs.launchpad.net cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2018-18483: binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service. The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt. Package Name: libctf-nobfd0 Installed Version: 2.35.2-2 Fixed Version: References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2018-20623: binutils: Use-after-free in the error function. In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file. Package Name: libctf-nobfd0 Installed Version: 2.35.2-2 Fixed Version: References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org sourceware.org support.f5.com ubuntu.com ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2018-20673: libiberty: Integer overflow in demangle_template() function. The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm. Package Name: libctf-nobfd0 Installed Version: 2.35.2-2 Fixed Version: References: www.securityfocus.com access.redhat.com linux.oracle.com linux.oracle.com sourceware.org |
|
LOW |
CVE-2018-20712: libiberty: heap-based buffer over-read in d_expression_1. A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt. Package Name: libctf-nobfd0 Installed Version: 2.35.2-2 Fixed Version: References: www.securityfocus.com access.redhat.com gcc.gnu.org sourceware.org support.f5.com |
|
LOW |
CVE-2018-9996: binutils: Stack-overflow in libiberty/cplus-dem.c causes crash. An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression. Package Name: libctf-nobfd0 Installed Version: 2.35.2-2 Fixed Version: References: www.securityfocus.com access.redhat.com gcc.gnu.org |
|
LOW |
CVE-2019-1010204: binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service. GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened. Package Name: libctf-nobfd0 Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.netapp.com sourceware.org support.f5.com ubuntu.com |
|
LOW |
CVE-2020-35448: binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c. An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. Package Name: libctf-nobfd0 Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com linux.oracle.com linux.oracle.com security.gentoo.org security.netapp.com sourceware.org sourceware.org |
|
LOW |
CVE-2021-20197: binutils: Race window allows users to own arbitrary files. There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. Package Name: libctf-nobfd0 Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com sourceware.org |
|
LOW |
CVE-2021-20284: binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c. A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. Package Name: libctf-nobfd0 Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com security.netapp.com sourceware.org |
|
LOW |
CVE-2021-3487: binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section(). There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. Package Name: libctf-nobfd0 Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com |
|
LOW |
CVE-2021-3530: binutils: stack memory exhaustion in demangle_path() in rust-demangle.c. A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash. Package Name: libctf-nobfd0 Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org security.netapp.com src.fedoraproject.org |
|
LOW |
CVE-2021-3549: binutils: heap-based buffer overflow in avr_elf32_load_records_from_section() via large section parameter. An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. Package Name: libctf-nobfd0 Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org |
|
LOW |
CVE-2021-45078: binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.c. stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. Package Name: libctf-nobfd0 Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com sourceware.org sourceware.org ubuntu.com |
|
LOW |
CVE-2021-46195: gcc: uncontrolled recursion in libiberty/rust-demangle.c. GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. Package Name: libctf-nobfd0 Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com gcc.gnu.org |
|
LOW |
CVE-2017-13716: binutils: Memory leak with the C++ symbol demangler routine in libiberty. The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd). Package Name: libctf0 Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com cve.mitre.org sourceware.org |
|
LOW |
CVE-2018-12934: binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c. remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt. Package Name: libctf0 Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugs.launchpad.net cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2018-18483: binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service. The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt. Package Name: libctf0 Installed Version: 2.35.2-2 Fixed Version: References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org gcc.gnu.org sourceware.org ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2018-20623: binutils: Use-after-free in the error function. In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file. Package Name: libctf0 Installed Version: 2.35.2-2 Fixed Version: References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org sourceware.org support.f5.com ubuntu.com ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2018-20673: libiberty: Integer overflow in demangle_template() function. The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm. Package Name: libctf0 Installed Version: 2.35.2-2 Fixed Version: References: www.securityfocus.com access.redhat.com linux.oracle.com linux.oracle.com sourceware.org |
|
LOW |
CVE-2018-20712: libiberty: heap-based buffer over-read in d_expression_1. A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt. Package Name: libctf0 Installed Version: 2.35.2-2 Fixed Version: References: www.securityfocus.com access.redhat.com gcc.gnu.org sourceware.org support.f5.com |
|
LOW |
CVE-2018-9996: binutils: Stack-overflow in libiberty/cplus-dem.c causes crash. An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression. Package Name: libctf0 Installed Version: 2.35.2-2 Fixed Version: References: www.securityfocus.com access.redhat.com gcc.gnu.org |
|
LOW |
CVE-2019-1010204: binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service. GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened. Package Name: libctf0 Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com security.netapp.com sourceware.org support.f5.com ubuntu.com |
|
LOW |
CVE-2020-35448: binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c. An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. Package Name: libctf0 Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com linux.oracle.com linux.oracle.com security.gentoo.org security.netapp.com sourceware.org sourceware.org |
|
LOW |
CVE-2021-20197: binutils: Race window allows users to own arbitrary files. There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. Package Name: libctf0 Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com sourceware.org |
|
LOW |
CVE-2021-20284: binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c. A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. Package Name: libctf0 Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com security.netapp.com sourceware.org |
|
LOW |
CVE-2021-3487: binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section(). There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. Package Name: libctf0 Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com |
|
LOW |
CVE-2021-3530: binutils: stack memory exhaustion in demangle_path() in rust-demangle.c. A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash. Package Name: libctf0 Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org security.netapp.com src.fedoraproject.org |
|
LOW |
CVE-2021-3549: binutils: heap-based buffer overflow in avr_elf32_load_records_from_section() via large section parameter. An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. Package Name: libctf0 Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org |
|
LOW |
CVE-2021-45078: binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.c. stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. Package Name: libctf0 Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com sourceware.org sourceware.org ubuntu.com |
|
LOW |
CVE-2021-46195: gcc: uncontrolled recursion in libiberty/rust-demangle.c. GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. Package Name: libctf0 Installed Version: 2.35.2-2 Fixed Version: References: access.redhat.com gcc.gnu.org |
|
LOW |
CVE-2021-22898: curl: TELNET stack contents disclosure. curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. Package Name: libcurl3-gnutls Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: www.openwall.com access.redhat.com cert-portal.siemens.com curl.se cve.mitre.org errata.almalinux.org github.com hackerone.com linux.oracle.com linux.oracle.com lists.apache.org lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com www.oracle.com www.oracle.com www.oracle.com |
|
LOW |
CVE-2021-22922: curl: Content not matching hash in Metalink is not being discarded. When curl is instructed to download content using the metalink feature, the contents is verified against a hash provided in the metalink XML file. The metalink XML file points out to the client how to get the same content from a set of different URLs, potentially hosted by different servers and the client can then download the file from one or several of them. In a serial or parallel manner. If one of the servers hosting the contents has been breached and the contents of the specific file on that server is replaced with a modified payload, curl should detect this when the hash of the file mismatches after a completed download. It should remove the contents and instead try getting the contents from another URL. This is not done, and instead such a hash mismatch is only mentioned in text and the potentially malicious content is kept in the file on disk. Package Name: libcurl3-gnutls Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: access.redhat.com cert-portal.siemens.com curl.se hackerone.com linux.oracle.com linux.oracle.com lists.apache.org lists.apache.org lists.apache.org lists.apache.org lists.fedoraproject.org nvd.nist.gov security.netapp.com www.oracle.com |
|
LOW |
CVE-2021-22923: curl: Metalink download sends credentials. When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened. Package Name: libcurl3-gnutls Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: access.redhat.com cert-portal.siemens.com curl.se hackerone.com linux.oracle.com linux.oracle.com lists.fedoraproject.org nvd.nist.gov security.netapp.com www.oracle.com |
|
LOW |
CVE-2021-22924: curl: Bad connection reuse due to flawed path name checks. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuer cert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate. Package Name: libcurl3-gnutls Installed Version: 7.74.0-1.3+deb11u1 Fixed Version: References: access.redhat.com cert-portal.siemens.com cert-portal.siemens.com cert-portal.siemens.com curl.se cve.mitre.org hackerone.com linux.oracle.com linux.oracle.com lists.apache.org lists.apache.org lists.apache.org lists.apache.org lists.debian.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com www.oracle.com www.oracle.com |
|
LOW |
CVE-2021-22898: curl: TELNET stack contents disclosure
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.
Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version: |
|
LOW |
CVE-2021-22922: curl: Content not matching hash in Metalink is not being discarded
When curl is instructed to download content using the metalink feature, the contents is verified against a hash provided in the metalink XML file. The metalink XML file points out to the client how to get the same content from a set of different URLs, potentially hosted by different servers and the client can then download the file from one or several of them. In a serial or parallel manner. If one of the servers hosting the contents has been breached and the contents of the specific file on that server is replaced with a modified payload, curl should detect this when the hash of the file mismatches after a completed download. It should remove the contents and instead try getting the contents from another URL. This is not done, and instead such a hash mismatch is only mentioned in text and the potentially malicious content is kept in the file on disk.
Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version: |
|
LOW |
CVE-2021-22923: curl: Metalink download sends credentials
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.
Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version: |
|
LOW |
CVE-2021-22924: curl: Bad connection reuse due to flawed path name checks
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuer cert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate.
Package Name: libcurl4
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version: |
|
LOW |
CVE-2021-22898: curl: TELNET stack contents disclosure
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.
Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version: |
|
LOW |
CVE-2021-22922: curl: Content not matching hash in Metalink is not being discarded
When curl is instructed to download content using the metalink feature, the contents is verified against a hash provided in the metalink XML file. The metalink XML file points out to the client how to get the same content from a set of different URLs, potentially hosted by different servers and the client can then download the file from one or several of them. In a serial or parallel manner. If one of the servers hosting the contents has been breached and the contents of the specific file on that server is replaced with a modified payload, curl should detect this when the hash of the file mismatches after a completed download. It should remove the contents and instead try getting the contents from another URL. This is not done, and instead such a hash mismatch is only mentioned in text and the potentially malicious content is kept in the file on disk.
Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version: |
|
LOW |
CVE-2021-22923: curl: Metalink download sends credentials
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.
Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version: |
|
LOW |
CVE-2021-22924: curl: Bad connection reuse due to flawed path name checks
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuer cert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate.
Package Name: libcurl4-openssl-dev
Installed Version: 7.74.0-1.3+deb11u1
Fixed Version: |
|
LOW |
CVE-2013-0340: expat: internal entity expansion
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
Package Name: libexpat1
Installed Version: 2.2.10-2+deb11u3
Fixed Version: |
|
LOW |
CVE-2013-0340: expat: internal entity expansion
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
Package Name: libexpat1-dev
Installed Version: 2.2.10-2+deb11u3
Fixed Version: |
|
LOW |
CVE-2022-31782: ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based bu ...
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.
Package Name: libfreetype-dev
Installed Version: 2.10.4+dfsg-1+deb11u1
Fixed Version: |
|
LOW |
CVE-2022-31782: ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based bu ...
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.
Package Name: libfreetype6
Installed Version: 2.10.4+dfsg-1+deb11u1
Fixed Version: |
|
LOW |
CVE-2022-31782: ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based bu ...
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.
Package Name: libfreetype6-dev
Installed Version: 2.10.4+dfsg-1+deb11u1
Fixed Version: |
|
LOW |
CVE-2018-6829: libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.
Package Name: libgcrypt20
Installed Version: 1.8.7-6
Fixed Version: |
|
LOW |
CVE-2012-0039: glib2: hash table collisions CPU usage DoS
** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.
Package Name: libglib2.0-0
Installed Version: 2.66.8-1
Fixed Version: |
|
LOW |
CVE-2012-0039: glib2: hash table collisions CPU usage DoS
** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.
Package Name: libglib2.0-bin
Installed Version: 2.66.8-1
Fixed Version: |
|
LOW |
CVE-2012-0039: glib2: hash table collisions CPU usage DoS
** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.
Package Name: libglib2.0-data
Installed Version: 2.66.8-1
Fixed Version: |
|
LOW |
CVE-2012-0039: glib2: hash table collisions CPU usage DoS
** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.
Package Name: libglib2.0-dev
Installed Version: 2.66.8-1
Fixed Version: |
|
LOW |
CVE-2012-0039: glib2: hash table collisions CPU usage DoS
** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.
Package Name: libglib2.0-dev-bin
Installed Version: 2.66.8-1
Fixed Version: |
|
LOW |
CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Package Name: libgnutls30
Installed Version: 3.7.1-5+deb11u1
Fixed Version: |
|
LOW |
CVE-2004-0971: security flaw
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Package Name: libgssapi-krb5-2
Installed Version: 1.18.3-6+deb11u1
Fixed Version: |
|
LOW |
CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
Package Name: libgssapi-krb5-2
Installed Version: 1.18.3-6+deb11u1
Fixed Version: |
|
LOW |
CVE-2004-0971: security flaw
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Package Name: libgssrpc4
Installed Version: 1.18.3-6+deb11u1
Fixed Version: |
|
LOW |
CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
Package Name: libgssrpc4
Installed Version: 1.18.3-6+deb11u1
Fixed Version: |
|
LOW |
CVE-2017-9937: libtiff: memory malloc failure in tif_jbig.c could cause DOS.
In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.
Package Name: libjbig-dev
Installed Version: 2.1-3.1
Fixed Version: |
|
LOW |
CVE-2017-9937: libtiff: memory malloc failure in tif_jbig.c could cause DOS.
In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.
Package Name: libjbig0
Installed Version: 2.1-3.1
Fixed Version: |
|
LOW |
CVE-2004-0971: security flaw
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Package Name: libk5crypto3
Installed Version: 1.18.3-6+deb11u1
Fixed Version: |
|
LOW |
CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
Package Name: libk5crypto3
Installed Version: 1.18.3-6+deb11u1
Fixed Version: |
|
LOW |
CVE-2004-0971: security flaw
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Package Name: libkadm5clnt-mit12
Installed Version: 1.18.3-6+deb11u1
Fixed Version: |
|
LOW |
CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
Package Name: libkadm5clnt-mit12
Installed Version: 1.18.3-6+deb11u1
Fixed Version: |
|
LOW |
CVE-2004-0971: security flaw
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Package Name: libkadm5srv-mit12
Installed Version: 1.18.3-6+deb11u1
Fixed Version: |
|
LOW |
CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
Package Name: libkadm5srv-mit12
Installed Version: 1.18.3-6+deb11u1
Fixed Version: |
|
LOW |
CVE-2004-0971: security flaw
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Package Name: libkdb5-10
Installed Version: 1.18.3-6+deb11u1
Fixed Version: |
|
LOW |
CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
Package Name: libkdb5-10
Installed Version: 1.18.3-6+deb11u1
Fixed Version: |
|
LOW |
CVE-2004-0971: security flaw
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Package Name: libkrb5-3
Installed Version: 1.18.3-6+deb11u1
Fixed Version: |
|
LOW |
CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
Package Name: libkrb5-3
Installed Version: 1.18.3-6+deb11u1
Fixed Version: |
|
LOW |
CVE-2004-0971: security flaw
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Package Name: libkrb5-dev
Installed Version: 1.18.3-6+deb11u1
Fixed Version: |
|
LOW |
CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
Package Name: libkrb5-dev
Installed Version: 1.18.3-6+deb11u1
Fixed Version: |
|
LOW |
CVE-2004-0971: security flaw
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Package Name: libkrb5support0
Installed Version: 1.18.3-6+deb11u1
Fixed Version: |
|
LOW |
CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
Package Name: libkrb5support0
Installed Version: 1.18.3-6+deb11u1
Fixed Version: |
|
LOW |
CVE-2015-3276: openldap: incorrect multi-keyword mode cipherstring parsing
The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
Package Name: libldap-2.4-2
Installed Version: 2.4.57+dfsg-3+deb11u1
Fixed Version: |
|
LOW |
CVE-2017-14159: openldap: Privilege escalation via PID file manipulation
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.
Package Name: libldap-2.4-2
Installed Version: 2.4.57+dfsg-3+deb11u1
Fixed Version: |
|
LOW |
CVE-2017-17740: openldap: contrib/slapd-modules/nops/nops.c attempts to free stack buffer allowing remote attackers to cause a denial of service
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.
Package Name: libldap-2.4-2
Installed Version: 2.4.57+dfsg-3+deb11u1
Fixed Version: |
|
LOW |
CVE-2020-15719: openldap: Certificate validation incorrectly matches name against CN-ID
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
Package Name: libldap-2.4-2
Installed Version: 2.4.57+dfsg-3+deb11u1
Fixed Version: |
|
LOW |
CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...
A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.
Package Name: libmagickcore-6-arch-config Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: seclists.org www.redteam-pentesting.de |
|
LOW |
CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues
Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.
Package Name: libmagickcore-6-arch-config Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com |
|
LOW |
CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome
The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."
Package Name: libmagickcore-6-arch-config Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com |
|
LOW |
CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.
Package Name: libmagickcore-6-arch-config Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com github.com |
|
LOW |
CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.
Package Name: libmagickcore-6-arch-config Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com github.com |
|
LOW |
CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.
Package Name: libmagickcore-6-arch-config Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com |
|
LOW |
CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file
In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
Package Name: libmagickcore-6-arch-config Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6-arch-config Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com |
|
LOW |
CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...
A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.
Package Name: libmagickcore-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: seclists.org www.redteam-pentesting.de |
|
LOW |
CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues
Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.
Package Name: libmagickcore-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com |
|
LOW |
CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome
The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."
Package Name: libmagickcore-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com |
|
LOW |
CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.
Package Name: libmagickcore-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com github.com |
|
LOW |
CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.
Package Name: libmagickcore-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com github.com |
|
LOW |
CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.
Package Name: libmagickcore-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com |
|
LOW |
CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file
In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
Package Name: libmagickcore-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com |
|
LOW |
CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...
A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.
Package Name: libmagickcore-6.q16-6 Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: seclists.org www.redteam-pentesting.de |
|
LOW |
CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues
Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.
Package Name: libmagickcore-6.q16-6 Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com |
|
LOW |
CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome
The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."
Package Name: libmagickcore-6.q16-6 Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com |
|
LOW |
CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.
Package Name: libmagickcore-6.q16-6 Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com github.com |
|
LOW |
CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.
Package Name: libmagickcore-6.q16-6 Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com github.com |
|
LOW |
CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.
Package Name: libmagickcore-6.q16-6 Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com |
|
LOW |
CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file
In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
Package Name: libmagickcore-6.q16-6 Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6.q16-6 Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com |
|
LOW |
CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...
A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.
Package Name: libmagickcore-6.q16-6-extra Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: seclists.org www.redteam-pentesting.de |
|
LOW |
CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues
Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.
Package Name: libmagickcore-6.q16-6-extra Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com |
|
LOW |
CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome
The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."
Package Name: libmagickcore-6.q16-6-extra Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com |
|
LOW |
CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.
Package Name: libmagickcore-6.q16-6-extra Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com github.com |
|
LOW |
CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.
Package Name: libmagickcore-6.q16-6-extra Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com github.com |
|
LOW |
CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.
Package Name: libmagickcore-6.q16-6-extra Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com |
|
LOW |
CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file
In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
Package Name: libmagickcore-6.q16-6-extra Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6.q16-6-extra Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com |
|
LOW |
CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...
A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.
Package Name: libmagickcore-6.q16-dev Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: seclists.org www.redteam-pentesting.de |
|
LOW |
CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues
Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.
Package Name: libmagickcore-6.q16-dev Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com |
|
LOW |
CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome
The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."
Package Name: libmagickcore-6.q16-dev Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com |
|
LOW |
CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.
Package Name: libmagickcore-6.q16-dev Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com github.com |
|
LOW |
CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.
Package Name: libmagickcore-6.q16-dev Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com github.com |
|
LOW |
CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.
Package Name: libmagickcore-6.q16-dev Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com |
|
LOW |
CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file
In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
Package Name: libmagickcore-6.q16-dev Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-6.q16-dev Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com |
|
LOW |
CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...
A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.
Package Name: libmagickcore-dev Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: seclists.org www.redteam-pentesting.de |
|
LOW |
CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues
Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.
Package Name: libmagickcore-dev Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com |
|
LOW |
CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome
The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."
Package Name: libmagickcore-dev Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com |
|
LOW |
CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.
Package Name: libmagickcore-dev Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com github.com |
|
LOW |
CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.
Package Name: libmagickcore-dev Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com github.com |
|
LOW |
CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.
Package Name: libmagickcore-dev Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com |
|
LOW |
CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file
In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
Package Name: libmagickcore-dev Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickcore-dev Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com |
|
LOW |
CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...
A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.
Package Name: libmagickwand-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: seclists.org www.redteam-pentesting.de |
|
LOW |
CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues
Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.
Package Name: libmagickwand-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com |
|
LOW |
CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome
The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."
Package Name: libmagickwand-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com |
|
LOW |
CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.
Package Name: libmagickwand-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com github.com |
|
LOW |
CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.
Package Name: libmagickwand-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com github.com |
|
LOW |
CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.
Package Name: libmagickwand-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com |
|
LOW |
CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file
In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
Package Name: libmagickwand-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6-headers Installed Version: 8:6.9.11.60+dfsg-1.3 Fixed Version: References: access.redhat.com bugzilla.redhat.com |
|
LOW |
CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...
A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: seclists.org www.redteam-pentesting.de |
|
LOW |
CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues
Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com |
|
LOW |
CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome
The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com |
|
LOW |
CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com github.com |
|
LOW |
CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com github.com |
|
LOW |
CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com |
|
LOW |
CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file
In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6.q16-6
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com |
|
LOW |
CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...
A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: seclists.org www.redteam-pentesting.de |
|
LOW |
CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues
Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com |
|
LOW |
CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome
The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com |
|
LOW |
CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com github.com |
|
LOW |
CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com github.com |
|
LOW |
CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com |
|
LOW |
CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file
In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-6.q16-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com |
|
LOW |
CVE-2005-0406: A design flaw in image processing software that modifies JPEG images m ...
A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: seclists.org www.redteam-pentesting.de |
|
LOW |
CVE-2008-3134: GraphicsMagick/ImageMagick: multiple crash or DoS issues
Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: lists.opensuse.org secunia.com secunia.com sourceforge.net sourceforge.net www.securityfocus.com www.securitytracker.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com |
|
LOW |
CVE-2016-8678: ImageMagick: Heap-buffer overflow in IsPixelMonochrome
The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com |
|
LOW |
CVE-2017-11754: ImageMagick: Memory leak in WritePICONImage function
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com github.com |
|
LOW |
CVE-2017-11755: ImageMagick: Memory leak in WritePICONImage function via mishandled AcquireSemaphoreInfo call
The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com github.com |
|
LOW |
CVE-2017-7275: ImageMagick: Memory allocation failure in AcquireMagickMemory (incomplete fix for CVE-2016-8866)
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: www.securityfocus.com access.redhat.com blogs.gentoo.org github.com |
|
LOW |
CVE-2018-15607: ImageMagick: CPU Exhaustion via crafted input file
In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: www.securityfocus.com access.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2021-20311: ImageMagick: Division by zero in sRGBTransformImage() in MagickCore/colorspace.c
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Package Name: libmagickwand-dev
Installed Version: 8:6.9.11.60+dfsg-1.3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com |
|
LOW |
CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
Package Name: libmount-dev
Installed Version: 2.36.1-8+deb11u1
Fixed Version:
References: access.redhat.com lore.kernel.org nvd.nist.gov security.netapp.com |
|
LOW |
CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
Package Name: libmount1
Installed Version: 2.36.1-8+deb11u1
Fixed Version:
References: access.redhat.com lore.kernel.org nvd.nist.gov security.netapp.com |
|
LOW |
CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Package Name: libncurses-dev
Installed Version: 6.2+20201114-2
Fixed Version:
References: cvsweb.netbsd.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com |
|
LOW |
CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Package Name: libncurses5-dev
Installed Version: 6.2+20201114-2
Fixed Version:
References: cvsweb.netbsd.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com |
|
LOW |
CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Package Name: libncurses6
Installed Version: 6.2+20201114-2
Fixed Version:
References: cvsweb.netbsd.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com |
|
LOW |
CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Package Name: libncursesw5-dev
Installed Version: 6.2+20201114-2
Fixed Version:
References: cvsweb.netbsd.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com |
|
LOW |
CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Package Name: libncursesw6
Installed Version: 6.2+20201114-2
Fixed Version:
References: cvsweb.netbsd.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com |
|
LOW |
CVE-2017-14988: OpenEXR: Excessive memory allocation in Header::readfrom
** DISPUTED ** Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid.
Package Name: libopenexr-dev
Installed Version: 2.5.4-2
Fixed Version:
References: lists.opensuse.org access.redhat.com github.com |
|
LOW |
CVE-2021-26945: OpenEXR: Integer-overflow in bool Imf_2_5::readDeepTile<Imf_2_5::DeepTiledInputPart>
An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
Package Name: libopenexr-dev
Installed Version: 2.5.4-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com |
|
LOW |
CVE-2017-14988: OpenEXR: Excessive memory allocation in Header::readfrom
** DISPUTED ** Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid.
Package Name: libopenexr25
Installed Version: 2.5.4-2
Fixed Version:
References: lists.opensuse.org access.redhat.com github.com |
|
LOW |
CVE-2021-26945: OpenEXR: Integer-overflow in bool Imf_2_5::readDeepTile<Imf_2_5::DeepTiledInputPart>
An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
Package Name: libopenexr25
Installed Version: 2.5.4-2
Fixed Version:
References: access.redhat.com bugzilla.redhat.com |
|
LOW |
CVE-2016-10505: openjpeg: NULL pointer dereference in imagetopnm function in convert.c
NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.
Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:
References: access.redhat.com github.com github.com github.com github.com security.gentoo.org |
|
LOW |
CVE-2016-10506: openjpeg: Division by zero in functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c
Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.
Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com github.com github.com github.com github.com github.com github.com github.com security.gentoo.org |
|
LOW |
CVE-2016-9113: CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues
There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.
Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com github.com security.gentoo.org |
|
LOW |
CVE-2016-9114: CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues
There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.
Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com github.com security.gentoo.org |
|
LOW |
CVE-2016-9115: CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues
Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com github.com security.gentoo.org |
|
LOW |
CVE-2016-9116: CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues
NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com github.com security.gentoo.org |
|
LOW |
CVE-2016-9117: CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues
NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com github.com security.gentoo.org |
|
LOW |
CVE-2016-9580: openjpeg2: Integer overflow in tiftoimage causes heap buffer overflow
An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.
Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com github.com security.gentoo.org |
|
LOW |
CVE-2016-9581: openjpeg2: Infinite loop in tiftoimage resulting into heap buffer overflow in convert_32s_C1P1
An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.
Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com github.com security.gentoo.org |
|
LOW |
CVE-2017-17479: openjpeg: Stack-buffer overflow in the pgxtoimage function
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com |
|
LOW |
CVE-2018-16375: openjpeg: Heap-based buffer overflow in pnmtoimage function in bin/jpwl/convert.c
An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.
Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com github.com |
|
LOW |
CVE-2018-16376: openjpeg: Heap-based buffer overflow in function t2_encode_packet in src/lib/openmj2/t2.c
An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com github.com |
|
LOW |
CVE-2018-20846: openjpeg: out-of-bounds read in functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c leads to denial of service
Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com github.com |
|
LOW |
CVE-2019-6988: openjpeg: DoS via memory exhaustion in opj_decompress
An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.
Package Name: libopenjp2-7
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com cve.mitre.org github.com |
|
LOW |
CVE-2016-10505: openjpeg: NULL pointer dereference in imagetopnm function in convert.c
NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.
Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:
References: access.redhat.com github.com github.com github.com github.com security.gentoo.org |
|
LOW |
CVE-2016-10506: openjpeg: Division by zero in functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c
Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.
Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com github.com github.com github.com github.com github.com github.com github.com security.gentoo.org |
|
LOW |
CVE-2016-9113: CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues
There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.
Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com github.com security.gentoo.org |
|
LOW |
CVE-2016-9114: CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues
There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.
Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com github.com security.gentoo.org |
|
LOW |
CVE-2016-9115: CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues
Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com github.com security.gentoo.org |
|
LOW |
CVE-2016-9116: CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues
NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com github.com security.gentoo.org |
|
LOW |
CVE-2016-9117: CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues
NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com github.com security.gentoo.org |
|
LOW |
CVE-2016-9580: openjpeg2: Integer overflow in tiftoimage causes heap buffer overflow
An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.
Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com github.com security.gentoo.org |
|
LOW |
CVE-2016-9581: openjpeg2: Infinite loop in tiftoimage resulting into heap buffer overflow in convert_32s_C1P1
An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.
Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com bugzilla.redhat.com github.com github.com security.gentoo.org |
|
LOW |
CVE-2017-17479: openjpeg: Stack-buffer overflow in the pgxtoimage function
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:
References: access.redhat.com cve.mitre.org github.com |
|
LOW |
CVE-2018-16375: openjpeg: Heap-based buffer overflow in pnmtoimage function in bin/jpwl/convert.c
An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.
Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com github.com |
|
LOW |
CVE-2018-16376: openjpeg: Heap-based buffer overflow in function t2_encode_packet in src/lib/openmj2/t2.c
An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com github.com |
|
LOW |
CVE-2018-20846: openjpeg: out-of-bounds read in functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c leads to denial of service
Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com github.com |
|
LOW |
CVE-2019-6988: openjpeg: DoS via memory exhaustion in opj_decompress
An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.
Package Name: libopenjp2-7-dev
Installed Version: 2.4.0-3
Fixed Version:
References: www.securityfocus.com access.redhat.com cve.mitre.org github.com |
|
LOW |
CVE-2017-11164: pcre: OP_KETRMAX feature in the match function in pcre_exec.c
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
Package Name: libpcre16-3
Installed Version: 2:8.39-13
Fixed Version:
References: openwall.com www.securityfocus.com access.redhat.com cve.mitre.org lists.apache.org |
|
LOW |
CVE-2017-16231: pcre: self-recursive call in match() in pcre_exec.c leads to denial of service
** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.
Package Name: libpcre16-3
Installed Version: 2:8.39-13
Fixed Version:
References: packetstormsecurity.com seclists.org www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugs.exim.org |
|
LOW |
CVE-2017-7245: pcre: stack-based buffer overflow write in pcre32_copy_substring
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.
Package Name: libpcre16-3
Installed Version: 2:8.39-13
Fixed Version:
References: www.securityfocus.com access.redhat.com access.redhat.com blogs.gentoo.org security.gentoo.org |
|
LOW |
CVE-2017-7246: pcre: stack-based buffer overflow write in pcre32_copy_substring
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.
Package Name: libpcre16-3
Installed Version: 2:8.39-13
Fixed Version:
References: www.securityfocus.com access.redhat.com access.redhat.com blogs.gentoo.org security.gentoo.org |
|
LOW |
CVE-2019-20838: pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
Package Name: libpcre16-3
Installed Version: 2:8.39-13
Fixed Version:
References: seclists.org seclists.org access.redhat.com bugs.gentoo.org cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.apache.org nvd.nist.gov support.apple.com support.apple.com ubuntu.com www.pcre.org |
|
LOW |
CVE-2017-11164: pcre: OP_KETRMAX feature in the match function in pcre_exec.c
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
Package Name: libpcre3
Installed Version: 2:8.39-13
Fixed Version:
References: openwall.com www.securityfocus.com access.redhat.com cve.mitre.org lists.apache.org |
|
LOW |
CVE-2017-16231: pcre: self-recursive call in match() in pcre_exec.c leads to denial of service
** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.
Package Name: libpcre3
Installed Version: 2:8.39-13
Fixed Version:
References: packetstormsecurity.com seclists.org www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugs.exim.org |
|
LOW |
CVE-2017-7245: pcre: stack-based buffer overflow write in pcre32_copy_substring
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.
Package Name: libpcre3
Installed Version: 2:8.39-13
Fixed Version:
References: www.securityfocus.com access.redhat.com access.redhat.com blogs.gentoo.org security.gentoo.org |
|
LOW |
CVE-2017-7246: pcre: stack-based buffer overflow write in pcre32_copy_substring
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.
Package Name: libpcre3
Installed Version: 2:8.39-13
Fixed Version:
References: www.securityfocus.com access.redhat.com access.redhat.com blogs.gentoo.org security.gentoo.org |
|
LOW |
CVE-2019-20838: pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
Package Name: libpcre3
Installed Version: 2:8.39-13
Fixed Version:
References: seclists.org seclists.org access.redhat.com bugs.gentoo.org cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.apache.org nvd.nist.gov support.apple.com support.apple.com ubuntu.com www.pcre.org |
|
LOW |
CVE-2017-11164: pcre: OP_KETRMAX feature in the match function in pcre_exec.c
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
Package Name: libpcre3-dev
Installed Version: 2:8.39-13
Fixed Version:
References: openwall.com www.securityfocus.com access.redhat.com cve.mitre.org lists.apache.org |
|
LOW |
CVE-2017-16231: pcre: self-recursive call in match() in pcre_exec.c leads to denial of service
** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.
Package Name: libpcre3-dev
Installed Version: 2:8.39-13
Fixed Version:
References: packetstormsecurity.com seclists.org www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugs.exim.org |
|
LOW |
CVE-2017-7245: pcre: stack-based buffer overflow write in pcre32_copy_substring
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.
Package Name: libpcre3-dev
Installed Version: 2:8.39-13
Fixed Version:
References: www.securityfocus.com access.redhat.com access.redhat.com blogs.gentoo.org security.gentoo.org |
|
LOW |
CVE-2017-7246: pcre: stack-based buffer overflow write in pcre32_copy_substring
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.
Package Name: libpcre3-dev
Installed Version: 2:8.39-13
Fixed Version:
References: www.securityfocus.com access.redhat.com access.redhat.com blogs.gentoo.org security.gentoo.org |
|
LOW |
CVE-2019-20838: pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
Package Name: libpcre3-dev
Installed Version: 2:8.39-13
Fixed Version:
References: seclists.org seclists.org access.redhat.com bugs.gentoo.org cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.apache.org nvd.nist.gov support.apple.com support.apple.com ubuntu.com www.pcre.org |
|
LOW |
CVE-2017-11164: pcre: OP_KETRMAX feature in the match function in pcre_exec.c
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
Package Name: libpcre32-3
Installed Version: 2:8.39-13
Fixed Version:
References: openwall.com www.securityfocus.com access.redhat.com cve.mitre.org lists.apache.org |
|
LOW |
CVE-2017-16231: pcre: self-recursive call in match() in pcre_exec.c leads to denial of service
** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.
Package Name: libpcre32-3
Installed Version: 2:8.39-13
Fixed Version:
References: packetstormsecurity.com seclists.org www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugs.exim.org |
|
LOW |
CVE-2017-7245: pcre: stack-based buffer overflow write in pcre32_copy_substring
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.
Package Name: libpcre32-3
Installed Version: 2:8.39-13
Fixed Version:
References: www.securityfocus.com access.redhat.com access.redhat.com blogs.gentoo.org security.gentoo.org |
|
LOW |
CVE-2017-7246: pcre: stack-based buffer overflow write in pcre32_copy_substring
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.
Package Name: libpcre32-3
Installed Version: 2:8.39-13
Fixed Version:
References: www.securityfocus.com access.redhat.com access.redhat.com blogs.gentoo.org security.gentoo.org |
|
LOW |
CVE-2019-20838: pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
Package Name: libpcre32-3
Installed Version: 2:8.39-13
Fixed Version:
References: seclists.org seclists.org access.redhat.com bugs.gentoo.org cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.apache.org nvd.nist.gov support.apple.com support.apple.com ubuntu.com www.pcre.org |
|
LOW |
CVE-2017-11164: pcre: OP_KETRMAX feature in the match function in pcre_exec.c
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
Package Name: libpcrecpp0v5
Installed Version: 2:8.39-13
Fixed Version:
References: openwall.com www.securityfocus.com access.redhat.com cve.mitre.org lists.apache.org |
|
LOW |
CVE-2017-16231: pcre: self-recursive call in match() in pcre_exec.c leads to denial of service
** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.
Package Name: libpcrecpp0v5
Installed Version: 2:8.39-13
Fixed Version:
References: packetstormsecurity.com seclists.org www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com bugs.exim.org |
|
LOW |
CVE-2017-7245: pcre: stack-based buffer overflow write in pcre32_copy_substring
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.
Package Name: libpcrecpp0v5
Installed Version: 2:8.39-13
Fixed Version:
References: www.securityfocus.com access.redhat.com access.redhat.com blogs.gentoo.org security.gentoo.org |
|
LOW |
CVE-2017-7246: pcre: stack-based buffer overflow write in pcre32_copy_substring
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.
Package Name: libpcrecpp0v5
Installed Version: 2:8.39-13
Fixed Version:
References: www.securityfocus.com access.redhat.com access.redhat.com blogs.gentoo.org security.gentoo.org |
|
LOW |
CVE-2019-20838: pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
Package Name: libpcrecpp0v5
Installed Version: 2:8.39-13
Fixed Version:
References: seclists.org seclists.org access.redhat.com bugs.gentoo.org cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.apache.org nvd.nist.gov support.apple.com support.apple.com ubuntu.com www.pcre.org |
|
LOW |
CVE-2011-4116: perl: File::Temp insecure temporary file handling
_is_safe in the File::Temp module for Perl does not properly handle symlinks.
Package Name: libperl5.32
Installed Version: 5.32.1-4+deb11u2
Fixed Version:
References: www.openwall.com www.openwall.com access.redhat.com github.com rt.cpan.org seclists.org |
|
LOW |
CVE-2019-6129: libpng: memory leak of png_info struct in pngcp.c
** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer."
Package Name: libpng-dev
Installed Version: 1.6.37-3
Fixed Version:
References: access.redhat.com github.com www.oracle.com |
|
LOW |
CVE-2021-4214: libpng: hardcoded value leads to heap-overflow
A heap overflow flaw was found in libpng's pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.
Package Name: libpng-dev
Installed Version: 1.6.37-3
Fixed Version:
References: access.redhat.com |
|
LOW |
CVE-2019-6129: libpng: memory leak of png_info struct in pngcp.c
** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer."
Package Name: libpng16-16
Installed Version: 1.6.37-3
Fixed Version:
References: access.redhat.com github.com www.oracle.com |
|
LOW |
CVE-2021-4214: libpng: hardcoded value leads to heap-overflow
A heap overflow flaw was found in libpng's pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.
Package Name: libpng16-16
Installed Version: 1.6.37-3
Fixed Version:
References: access.redhat.com |
|
LOW |
CVE-2020-27619: python: Unsafe use of eval() on data retrieved via HTTP in the test suite
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
Package Name: libpython3.9-minimal
Installed Version: 3.9.2-1
Fixed Version:
References: access.redhat.com bugs.python.org cve.mitre.org errata.almalinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com lists.apache.org lists.apache.org lists.apache.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com |
|
LOW |
CVE-2020-27619: python: Unsafe use of eval() on data retrieved via HTTP in the test suite
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
Package Name: libpython3.9-stdlib
Installed Version: 3.9.2-1
Fixed Version:
References: access.redhat.com bugs.python.org cve.mitre.org errata.almalinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com lists.apache.org lists.apache.org lists.apache.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com |
|
LOW |
CVE-2021-36084: libsepol: use-after-free in __cil_verify_classperms()
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).
Package Name: libsepol1
Installed Version: 3.1-1
Fixed Version:
References: access.redhat.com bugs.chromium.org cve.mitre.org errata.almalinux.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org ubuntu.com |
|
LOW |
CVE-2021-36085: libsepol: use-after-free in __cil_verify_classperms()
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).
Package Name: libsepol1
Installed Version: 3.1-1
Fixed Version:
References: access.redhat.com bugs.chromium.org cve.mitre.org errata.almalinux.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org ubuntu.com |
|
LOW |
CVE-2021-36086: libsepol: use-after-free in cil_reset_classpermission()
The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).
Package Name: libsepol1
Installed Version: 3.1-1
Fixed Version:
References: access.redhat.com bugs.chromium.org cve.mitre.org errata.almalinux.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org ubuntu.com |
|
LOW |
CVE-2021-36087: libsepol: heap-based buffer overflow in ebitmap_match_any()
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.
Package Name: libsepol1
Installed Version: 3.1-1
Fixed Version:
References: access.redhat.com bugs.chromium.org cve.mitre.org errata.almalinux.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lore.kernel.org ubuntu.com |
|
LOW |
CVE-2021-36084: libsepol: use-after-free in __cil_verify_classperms()
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).
Package Name: libsepol1-dev
Installed Version: 3.1-1
Fixed Version:
References: access.redhat.com bugs.chromium.org cve.mitre.org errata.almalinux.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org ubuntu.com |
|
LOW |
CVE-2021-36085: libsepol: use-after-free in __cil_verify_classperms()
The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).
Package Name: libsepol1-dev
Installed Version: 3.1-1
Fixed Version:
References: access.redhat.com bugs.chromium.org cve.mitre.org errata.almalinux.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org ubuntu.com |
|
LOW |
CVE-2021-36086: libsepol: use-after-free in cil_reset_classpermission()
The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).
Package Name: libsepol1-dev
Installed Version: 3.1-1
Fixed Version:
References: access.redhat.com bugs.chromium.org cve.mitre.org errata.almalinux.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org ubuntu.com |
|
LOW |
CVE-2021-36087: libsepol: heap-based buffer overflow in ebitmap_match_any()
The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.
Package Name: libsepol1-dev
Installed Version: 3.1-1
Fixed Version:
References: access.redhat.com bugs.chromium.org cve.mitre.org errata.almalinux.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lore.kernel.org ubuntu.com |
|
LOW |
CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
Package Name: libsmartcols1
Installed Version: 2.36.1-8+deb11u1
Fixed Version:
References: access.redhat.com lore.kernel.org nvd.nist.gov security.netapp.com |
|
LOW |
CVE-2021-36690: ** DISPUTED ** A segmentation fault can occur in the sqlite3.exe comma ...
** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.
Package Name: libsqlite3-0
Installed Version: 3.34.1-3
Fixed Version:
References: cve.mitre.org nvd.nist.gov ubuntu.com www.oracle.com www.sqlite.org |
|
LOW |
CVE-2021-36690: ** DISPUTED ** A segmentation fault can occur in the sqlite3.exe comma ...
** DISPUTED ** A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.
Package Name: libsqlite3-dev
Installed Version: 3.34.1-3
Fixed Version:
References: cve.mitre.org nvd.nist.gov ubuntu.com www.oracle.com www.sqlite.org |
|
LOW |
CVE-2007-6755: Dual_EC_DRBG: weak pseudo random number generator
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
Package Name: libssl-dev
Installed Version: 1.1.1n-0+deb11u3
Fixed Version:
References: arstechnica.com blog.cryptographyengineering.com blog.cryptographyengineering.com rump2007.cr.yp.to stream.wsj.com threatpost.com www.securityfocus.com access.redhat.com www.schneier.com |
|
LOW |
CVE-2010-0928: openssl: RSA authentication weakness
OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
Package Name: libssl-dev
Installed Version: 1.1.1n-0+deb11u3
Fixed Version:
References: rdist.root.org www.eecs.umich.edu www.networkworld.com www.osvdb.org www.theregister.co.uk access.redhat.com exchange.xforce.ibmcloud.com |
|
LOW |
CVE-2007-6755: Dual_EC_DRBG: weak pseudo random number generator
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
Package Name: libssl1.1
Installed Version: 1.1.1n-0+deb11u3
Fixed Version:
References: arstechnica.com blog.cryptographyengineering.com blog.cryptographyengineering.com rump2007.cr.yp.to stream.wsj.com threatpost.com www.securityfocus.com access.redhat.com www.schneier.com |
|
LOW |
CVE-2010-0928: openssl: RSA authentication weakness
OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
Package Name: libssl1.1
Installed Version: 1.1.1n-0+deb11u3
Fixed Version:
References: rdist.root.org www.eecs.umich.edu www.networkworld.com www.osvdb.org www.theregister.co.uk access.redhat.com exchange.xforce.ibmcloud.com |
|
LOW |
CVE-2013-4392: systemd: TOCTOU race condition when updating file permissions and SELinux security contexts
systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
Package Name: libsystemd0
Installed Version: 247.3-7
Fixed Version:
References: bugs.debian.org www.openwall.com access.redhat.com bugzilla.redhat.com |
|
LOW |
CVE-2020-13529: systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server.
Package Name: libsystemd0
Installed Version: 247.3-7
Fixed Version:
References: www.openwall.com www.openwall.com www.openwall.com access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org security.gentoo.org security.netapp.com talosintelligence.com ubuntu.com ubuntu.com |
|
LOW |
CVE-2014-8130: libtiff: divide by zero in the tiffdither tool
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.
Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: bugzilla.maptools.org lists.apple.com lists.apple.com openwall.com rhn.redhat.com rhn.redhat.com support.apple.com support.apple.com www.conostix.com www.securityfocus.com www.securitytracker.com access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com security.gentoo.org ubuntu.com |
|
LOW |
CVE-2017-16232: libtiff: Memory leaks in tif_open.c, tif_lzw.c, and tif_aux.c
** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.
Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: lists.opensuse.org lists.opensuse.org packetstormsecurity.com seclists.org seclists.org www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com |
|
LOW |
CVE-2017-17973: libtiff: heap-based use after free in tiff2pdf.c:t2p_writeproc
** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.
Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: bugzilla.maptools.org www.securityfocus.com access.redhat.com bugzilla.novell.com bugzilla.redhat.com |
|
LOW |
CVE-2017-5563: libtiff: Heap-buffer overflow in LZWEncode tif_lzw.c
LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.
Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: bugzilla.maptools.org www.securityfocus.com access.redhat.com cve.mitre.org security.gentoo.org ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2017-9117: libtiff: Heap-based buffer over-read in bmp2tiff
In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.
Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: bugzilla.maptools.org www.securityfocus.com access.redhat.com cve.mitre.org ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2018-10126: libtiff: NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c
LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.
Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: bugzilla.maptools.org access.redhat.com cve.mitre.org lists.apache.org |
|
LOW |
CVE-2022-1056: Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers ...
Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.
Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: cve.mitre.org gitlab.com gitlab.com gitlab.com gitlab.com nvd.nist.gov |
|
LOW |
CVE-2022-1210: tiff: Malicious file leads to a denial of service in TIFF File Handler
A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.
Package Name: libtiff-dev
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: access.redhat.com cve.mitre.org gitlab.com gitlab.com nvd.nist.gov security.netapp.com vuldb.com |
|
LOW |
CVE-2014-8130: libtiff: divide by zero in the tiffdither tool
The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.
Package Name: libtiff5
Installed Version: 4.2.0-1+deb11u1
Fixed Version:
References: bugzilla.maptools.org lists.apple.com lists.apple.com openwall.com rhn.redhat.com rhn.redhat.com support.apple.com support.apple.com www.conostix.com www.securityfocus.com www.securitytracker.com access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com security.gentoo.org ubuntu.com |
|
LOW |
CVE-2017-16232: libtiff: Memory leaks in tif_open.c, tif_lzw.c, and tif_aux.c** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.Package Name: libtiff5 Installed Version: 4.2.0-1+deb11u1 Fixed Version: References: lists.opensuse.org lists.opensuse.org packetstormsecurity.com seclists.org seclists.org www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com |
|
LOW |
CVE-2017-17973: libtiff: heap-based use after free in tiff2pdf.c:t2p_writeproc** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.Package Name: libtiff5 Installed Version: 4.2.0-1+deb11u1 Fixed Version: References: bugzilla.maptools.org www.securityfocus.com access.redhat.com bugzilla.novell.com bugzilla.redhat.com |
|
LOW |
CVE-2017-5563: libtiff: Heap-buffer overflow in LZWEncode tif_lzw.cLibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.Package Name: libtiff5 Installed Version: 4.2.0-1+deb11u1 Fixed Version: References: bugzilla.maptools.org www.securityfocus.com access.redhat.com cve.mitre.org security.gentoo.org ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2017-9117: libtiff: Heap-based buffer over-read in bmp2tiffIn LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.Package Name: libtiff5 Installed Version: 4.2.0-1+deb11u1 Fixed Version: References: bugzilla.maptools.org www.securityfocus.com access.redhat.com cve.mitre.org ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2018-10126: libtiff: NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.cLibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.Package Name: libtiff5 Installed Version: 4.2.0-1+deb11u1 Fixed Version: References: bugzilla.maptools.org access.redhat.com cve.mitre.org lists.apache.org |
|
LOW |
CVE-2022-1056: Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers ...Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.Package Name: libtiff5 Installed Version: 4.2.0-1+deb11u1 Fixed Version: References: cve.mitre.org gitlab.com gitlab.com gitlab.com gitlab.com nvd.nist.gov |
|
LOW |
CVE-2022-1210: tiff: Malicious file leads to a denial of service in TIFF File HandlerA vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.Package Name: libtiff5 Installed Version: 4.2.0-1+deb11u1 Fixed Version: References: access.redhat.com cve.mitre.org gitlab.com gitlab.com nvd.nist.gov security.netapp.com vuldb.com |
|
LOW |
CVE-2014-8130: libtiff: divide by zero in the tiffdither toolThe _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.Package Name: libtiffxx5 Installed Version: 4.2.0-1+deb11u1 Fixed Version: References: bugzilla.maptools.org lists.apple.com lists.apple.com openwall.com rhn.redhat.com rhn.redhat.com support.apple.com support.apple.com www.conostix.com www.securityfocus.com www.securitytracker.com access.redhat.com bugzilla.redhat.com cve.mitre.org github.com linux.oracle.com linux.oracle.com security.gentoo.org ubuntu.com |
|
LOW |
CVE-2017-16232: libtiff: Memory leaks in tif_open.c, tif_lzw.c, and tif_aux.c** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.Package Name: libtiffxx5 Installed Version: 4.2.0-1+deb11u1 Fixed Version: References: lists.opensuse.org lists.opensuse.org packetstormsecurity.com seclists.org seclists.org www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com |
|
LOW |
CVE-2017-17973: libtiff: heap-based use after free in tiff2pdf.c:t2p_writeproc** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.Package Name: libtiffxx5 Installed Version: 4.2.0-1+deb11u1 Fixed Version: References: bugzilla.maptools.org www.securityfocus.com access.redhat.com bugzilla.novell.com bugzilla.redhat.com |
|
LOW |
CVE-2017-5563: libtiff: Heap-buffer overflow in LZWEncode tif_lzw.cLibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.Package Name: libtiffxx5 Installed Version: 4.2.0-1+deb11u1 Fixed Version: References: bugzilla.maptools.org www.securityfocus.com access.redhat.com cve.mitre.org security.gentoo.org ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2017-9117: libtiff: Heap-based buffer over-read in bmp2tiffIn LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.Package Name: libtiffxx5 Installed Version: 4.2.0-1+deb11u1 Fixed Version: References: bugzilla.maptools.org www.securityfocus.com access.redhat.com cve.mitre.org ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2018-10126: libtiff: NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.cLibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.Package Name: libtiffxx5 Installed Version: 4.2.0-1+deb11u1 Fixed Version: References: bugzilla.maptools.org access.redhat.com cve.mitre.org lists.apache.org |
|
LOW |
CVE-2022-1056: Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers ...Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.Package Name: libtiffxx5 Installed Version: 4.2.0-1+deb11u1 Fixed Version: References: cve.mitre.org gitlab.com gitlab.com gitlab.com gitlab.com nvd.nist.gov |
|
LOW |
CVE-2022-1210: tiff: Malicious file leads to a denial of service in TIFF File HandlerA vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.Package Name: libtiffxx5 Installed Version: 4.2.0-1+deb11u1 Fixed Version: References: access.redhat.com cve.mitre.org gitlab.com gitlab.com nvd.nist.gov security.netapp.com vuldb.com |
|
LOW |
CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.cAn issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.Package Name: libtinfo6 Installed Version: 6.2+20201114-2 Fixed Version: References: cvsweb.netbsd.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com |
|
LOW |
CVE-2013-4392: systemd: TOCTOU race condition when updating file permissions and SELinux security contextssystemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.Package Name: libudev1 Installed Version: 247.3-7 Fixed Version: References: bugs.debian.org www.openwall.com access.redhat.com bugzilla.redhat.com |
|
LOW |
CVE-2020-13529: systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfiguredAn exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server.Package Name: libudev1 Installed Version: 247.3-7 Fixed Version: References: www.openwall.com www.openwall.com www.openwall.com access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org security.gentoo.org security.netapp.com talosintelligence.com ubuntu.com ubuntu.com |
|
LOW |
CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadlineA flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.Package Name: libuuid1 Installed Version: 2.36.1-8+deb11u1 Fixed Version: References: access.redhat.com lore.kernel.org nvd.nist.gov security.netapp.com |
|
LOW |
CVE-2016-9085: libwebp: Several integer overflowsMultiple integer overflows in libwebp allow attackers to have unspecified impact via unknown vectors.Package Name: libwebp-dev Installed Version: 0.6.1-2.1 Fixed Version: References: www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com chromium.googlesource.com lists.apache.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org security.gentoo.org |
|
LOW |
CVE-2016-9085: libwebp: Several integer overflowsMultiple integer overflows in libwebp allow attackers to have unspecified impact via unknown vectors.Package Name: libwebp6 Installed Version: 0.6.1-2.1 Fixed Version: References: www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com chromium.googlesource.com lists.apache.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org security.gentoo.org |
|
LOW |
CVE-2016-9085: libwebp: Several integer overflowsMultiple integer overflows in libwebp allow attackers to have unspecified impact via unknown vectors.Package Name: libwebpdemux2 Installed Version: 0.6.1-2.1 Fixed Version: References: www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com chromium.googlesource.com lists.apache.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org security.gentoo.org |
|
LOW |
CVE-2016-9085: libwebp: Several integer overflowsMultiple integer overflows in libwebp allow attackers to have unspecified impact via unknown vectors.Package Name: libwebpmux3 Installed Version: 0.6.1-2.1 Fixed Version: References: www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com chromium.googlesource.com lists.apache.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org security.gentoo.org |
|
LOW |
CVE-2007-3476: libgd Denial of service by corrupted GIF imagesArray index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.Package Name: libwmf-dev Installed Version: 0.2.8.4-17 Fixed Version: References: ftp.slackware.com bugs.libgd.org fedoranews.org lists.fedoraproject.org lists.fedoraproject.org osvdb.org secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com security.gentoo.org security.gentoo.org security.gentoo.org www.debian.org www.libgd.org www.mandriva.com www.mandriva.com www.novell.com www.redhat.com www.redhat.com www.securityfocus.com www.securityfocus.com www.trustix.org www.vupen.com access.redhat.com bugzilla.redhat.com issues.rpath.com linux.oracle.com linux.oracle.com oval.cisecurity.org |
|
LOW |
CVE-2007-3477: gd: arc drawing functions can consume large amount of CPU timeThe (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.Package Name: libwmf-dev Installed Version: 0.2.8.4-17 Fixed Version: References: ftp.slackware.com bugs.libgd.org bugs.libgd.org fedoranews.org lists.fedoraproject.org lists.fedoraproject.org osvdb.org secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com security.gentoo.org security.gentoo.org security.gentoo.org www.debian.org www.libgd.org www.mandriva.com www.mandriva.com www.novell.com www.redhat.com www.securityfocus.com www.securityfocus.com www.trustix.org www.vupen.com access.redhat.com bugzilla.redhat.com issues.rpath.com |
|
LOW |
CVE-2007-3996: php multiple integer overflows in gdMultiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.Package Name: libwmf-dev Installed Version: 0.2.8.4-17 Fixed Version: References: bugs.gentoo.org lists.opensuse.org rhn.redhat.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com security.gentoo.org securityreason.com secweb.se secweb.se support.avaya.com www.debian.org www.gentoo.org www.mandriva.com www.php.net www.php.net www.redhat.com www.redhat.com www.redhat.com www.trustix.org www.ubuntu.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com issues.rpath.com issues.rpath.com linux.oracle.com linux.oracle.com oval.cisecurity.org www.redhat.com |
|
LOW |
CVE-2009-3546: gd: insufficient input validation in _gdGetColors()The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.Package Name: libwmf-dev Installed Version: 0.2.8.4-17 Fixed Version: References: marc.info secunia.com secunia.com secunia.com svn.php.net www.mandriva.com www.openwall.com www.redhat.com www.securityfocus.com www.vupen.com www.vupen.com access.redhat.com linux.oracle.com linux.oracle.com oval.cisecurity.org |
|
LOW |
CVE-2007-3476: libgd Denial of service by corrupted GIF imagesArray index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.Package Name: libwmf0.2-7 Installed Version: 0.2.8.4-17 Fixed Version: References: ftp.slackware.com bugs.libgd.org fedoranews.org lists.fedoraproject.org lists.fedoraproject.org osvdb.org secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com security.gentoo.org security.gentoo.org security.gentoo.org www.debian.org www.libgd.org www.mandriva.com www.mandriva.com www.novell.com www.redhat.com www.redhat.com www.securityfocus.com www.securityfocus.com www.trustix.org www.vupen.com access.redhat.com bugzilla.redhat.com issues.rpath.com linux.oracle.com linux.oracle.com oval.cisecurity.org |
|
LOW |
CVE-2007-3477: gd: arc drawing functions can consume large amount of CPU timeThe (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.Package Name: libwmf0.2-7 Installed Version: 0.2.8.4-17 Fixed Version: References: ftp.slackware.com bugs.libgd.org bugs.libgd.org fedoranews.org lists.fedoraproject.org lists.fedoraproject.org osvdb.org secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com security.gentoo.org security.gentoo.org security.gentoo.org www.debian.org www.libgd.org www.mandriva.com www.mandriva.com www.novell.com www.redhat.com www.securityfocus.com www.securityfocus.com www.trustix.org www.vupen.com access.redhat.com bugzilla.redhat.com issues.rpath.com |
|
LOW |
CVE-2007-3996: php multiple integer overflows in gdMultiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.Package Name: libwmf0.2-7 Installed Version: 0.2.8.4-17 Fixed Version: References: bugs.gentoo.org lists.opensuse.org rhn.redhat.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com security.gentoo.org securityreason.com secweb.se secweb.se support.avaya.com www.debian.org www.gentoo.org www.mandriva.com www.php.net www.php.net www.redhat.com www.redhat.com www.redhat.com www.trustix.org www.ubuntu.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com exchange.xforce.ibmcloud.com issues.rpath.com issues.rpath.com linux.oracle.com linux.oracle.com oval.cisecurity.org www.redhat.com |
|
LOW |
CVE-2009-3546: gd: insufficient input validation in _gdGetColors()The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.Package Name: libwmf0.2-7 Installed Version: 0.2.8.4-17 Fixed Version: References: marc.info secunia.com secunia.com secunia.com svn.php.net www.mandriva.com www.openwall.com www.redhat.com www.securityfocus.com www.vupen.com www.vupen.com access.redhat.com linux.oracle.com linux.oracle.com oval.cisecurity.org |
|
LOW |
CVE-2015-9019: libxslt: math.random() in xslt uses unseeded randomnessIn libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.Package Name: libxslt1-dev Installed Version: 1.1.34-4 Fixed Version: References: access.redhat.com bugzilla.gnome.org bugzilla.suse.com cve.mitre.org |
|
LOW |
CVE-2015-9019: libxslt: math.random() in xslt uses unseeded randomnessIn libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.Package Name: libxslt1.1 Installed Version: 1.1.34-4 Fixed Version: References: access.redhat.com bugzilla.gnome.org bugzilla.suse.com cve.mitre.org |
|
LOW |
CVE-2004-0230: TCP, when using a large Window Size, makes it easier for remote attack ...TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: ftp.netbsd.org ftp.sco.com ftp.sco.com ftp.sco.com patches.sgi.com kb.juniper.net marc.info marc.info secunia.com secunia.com secunia.com www.cisco.com www.kb.cert.org www.oracle.com www.osvdb.org www.securityfocus.com www.securityfocus.com www.uniras.gov.uk www.us-cert.gov www.vupen.com docs.microsoft.com docs.microsoft.com exchange.xforce.ibmcloud.com kc.mcafee.com oval.cisecurity.org oval.cisecurity.org oval.cisecurity.org oval.cisecurity.org oval.cisecurity.org |
|
LOW |
CVE-2005-3660: Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: secunia.com securityreason.com securitytracker.com www.idefense.com www.securityfocus.com www.vupen.com exchange.xforce.ibmcloud.com |
|
LOW |
CVE-2007-3719: kernel: secretly Monopolizing the CPU Without Superuser PrivilegesThe process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: osvdb.org www.cs.huji.ac.il access.redhat.com |
|
LOW |
CVE-2008-2544: kernel: mounting proc readonly on a different mount point silently mounts it rw if the /proc mount is rwMounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files he would never have otherwise.Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: access.redhat.com bugzilla.redhat.com |
|
LOW |
CVE-2008-4609: kernel: TCP protocol vulnerabilities from Outpost24The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: blog.robertlee.name insecure.org lists.immunitysec.com marc.info searchsecurity.techtarget.com.au www.cisco.com www.cisco.com www.cpni.gov.uk www.mandriva.com www.oracle.com www.outpost24.com www.us-cert.gov access.redhat.com docs.microsoft.com nvd.nist.gov oval.cisecurity.org www.cert.fi |
|
LOW |
CVE-2010-4563: kernel: ipv6: sniffer detectionThe Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: seclists.org seclists.org access.redhat.com nvd.nist.gov |
|
LOW |
CVE-2010-5321: kernel: v4l: videobuf: hotfix a bug on multiple calls to mmap()Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf.Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: linuxtv.org www.openwall.com access.redhat.com bugs.debian.org bugzilla.kernel.org bugzilla.redhat.com |
|
LOW |
CVE-2011-4915: fs/proc/base.c in the Linux kernel through 3.1 allows local users to o ...fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: git.kernel.org git.kernel.org people.canonical.com www.openwall.com lkml.org seclists.org security-tracker.debian.org vigilance.fr |
|
LOW |
CVE-2011-4916: Linux kernel through 3.1 allows local users to obtain sensitive keystr ...Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: lkml.org www.openwall.com |
|
LOW |
CVE-2011-4917: In the Linux kernel through 3.1 there is an information disclosure iss ...In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: lkml.org www.openwall.com |
|
LOW |
CVE-2012-4542: kernel: block: default SCSI command filter does not accommodate commands overlap across device classesblock/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: marc.info marc.info rhn.redhat.com rhn.redhat.com rhn.redhat.com rhn.redhat.com access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com oss.oracle.com |
|
LOW |
CVE-2014-9892: The snd_compr_tstamp function in sound/core/compress_offload.c in the ...The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: source.android.com www.securityfocus.com source.codeaurora.org |
|
LOW |
CVE-2014-9900: kernel: Info leak in uninitialized structure ethtool_wolinfo in ethtool_get_wol()The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: source.android.com www.securityfocus.com access.redhat.com cve.mitre.org source.codeaurora.org ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com |
|
LOW |
CVE-2015-2877: Kernel: Cross-VM ASL INtrospection (CAIN)** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities.Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: www.antoniobarresi.com www.kb.cert.org www.securityfocus.com access.redhat.com bugzilla.redhat.com www.kb.cert.org www.kb.cert.org www.usenix.org |
|
LOW |
CVE-2016-10723: ** DISPUTED ** An issue was discovered in the Linux kernel through 4.1 ...** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that "the underlying problem is non-trivial to handle."Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: cve.mitre.org lore.kernel.org lore.kernel.org patchwork.kernel.org patchwork.kernel.org www.spinics.net |
|
LOW |
CVE-2016-8660: kernel: xfs: local DoS due to a page lock order bug in the XFS seek hole/data implementationThe XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: www.openwall.com www.securityfocus.com access.redhat.com bugzilla.redhat.com cve.mitre.org lore.kernel.org marc.info marc.info |
|
LOW |
CVE-2017-0630: kernel: Information disclosure vulnerability in kernel trace subsystemAn information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115.Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: www.securityfocus.com access.redhat.com source.android.com source.android.com |
|
LOW |
CVE-2017-13693: kernel: ACPI operand cache leak in dsutils.cThe acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: www.securityfocus.com access.redhat.com cve.mitre.org github.com patchwork.kernel.org |
|
LOW |
CVE-2017-13694: kernel: ACPI node and node_ext cache leakThe acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.Package Name: linux-libc-dev Installed Version: 5.10.127-1 Fixed Version: References: www.securityfocus.com access.redhat.com github.com patchwork.kernel.org |
|
LOW |
CVE-2018-1121: procps-ng, procps: process hiding through race condition enumerating /proc
procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: seclists.org www.securityfocus.com access.redhat.com bugzilla.redhat.com cve.mitre.org www.exploit-db.com www.qualys.com |
|
LOW |
CVE-2018-12928: kernel: NULL pointer dereference in hfs_ext_read_extent in hfs.ko
In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: www.securityfocus.com access.redhat.com bugs.launchpad.net cve.mitre.org groups.google.com lore.kernel.org marc.info |
|
LOW |
CVE-2018-17977: kernel: Mishandled interactions among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets resulting in a denial of service
The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: www.securityfocus.com access.redhat.com bugzilla.suse.com cve.mitre.org www.openwall.com |
|
LOW |
CVE-2019-11191: kernel: race condition in load_aout_binary() allows local users to bypass ASLR on setuid a.out programs
** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: lists.opensuse.org www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com cve.mitre.org ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com www.openwall.com www.openwall.com |
|
LOW |
CVE-2019-12378: kernel: unchecked kmalloc of new_ra in ip6_ra_control leads to denial of service
** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: www.securityfocus.com access.redhat.com git.kernel.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lkml.org |
|
LOW |
CVE-2019-12379: kernel: memory leak in con_insert_unipair in drivers/tty/vt/consolemap.c
** DISPUTED ** An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: www.securityfocus.com access.redhat.com git.kernel.org git.kernel.org lists.fedoraproject.org lists.fedoraproject.org security.netapp.com |
|
LOW |
CVE-2019-12380: kernel: memory allocation failure in the efi subsystem leads to denial of service
**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: lists.opensuse.org lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cve.mitre.org git.kernel.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2019-12381: kernel: unchecked kmalloc of new_ra in ip_ra_control leads to denial of service
** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: www.securityfocus.com access.redhat.com bugzilla.redhat.com git.kernel.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lkml.org |
|
LOW |
CVE-2019-12382: kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service
** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issue as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: lists.opensuse.org lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com cgit.freedesktop.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lkml.org lore.kernel.org salsa.debian.org |
|
LOW |
CVE-2019-12455: kernel: null pointer dereference in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c causing denial of service
** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This id is disputed as not being an issue because “The memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started. Therefore, there is no possibility for an unprivileged user to control it, and no denial of service.”.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: access.redhat.com git.kernel.org lists.fedoraproject.org security.netapp.com www.mail-archive.com |
|
LOW |
CVE-2019-12456: kernel: double fetch in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c
** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: lists.opensuse.org lists.opensuse.org lists.opensuse.org access.redhat.com bugzilla.redhat.com git.kernel.org lists.fedoraproject.org lists.fedoraproject.org lkml.org support.f5.com support.f5.com |
|
LOW |
CVE-2019-16229: kernel: null pointer dereference in drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c
** DISPUTED ** drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: The security community disputes this issue as not being serious enough to deserve a CVE id.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: access.redhat.com bugzilla.suse.com cve.mitre.org lkml.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2019-16230: kernel: null pointer dereference in drivers/gpu/drm/radeon/radeon_display.c
** DISPUTED ** drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: access.redhat.com bugzilla.suse.com cve.mitre.org lkml.org security.netapp.com |
|
LOW |
CVE-2019-16231: kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c
drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com cve.mitre.org git.kernel.org linux.oracle.com linux.oracle.com lkml.org lore.kernel.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2019-16232: kernel: null-pointer dereference in drivers/net/wireless/marvell/libertas/if_sdio.c
drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lkml.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2019-16233: kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c
drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lkml.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2019-16234: kernel: null pointer dereference in drivers/net/wireless/intel/iwlwifi/pcie/trans.c
drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com lkml.org lore.kernel.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2019-19070: kernel: A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c allows for a DoS
** DISPUTED ** A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the relevance of this because the system must have already been out of memory before the probe began.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: access.redhat.com bugzilla.suse.com github.com lists.fedoraproject.org lists.fedoraproject.org |
|
LOW |
CVE-2020-11725: kernel: improper handling of private_size*count multiplication due to count=info->owner typo
** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the "owner" concept. The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info->owner field in a safe way.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: access.redhat.com cve.mitre.org github.com lore.kernel.org nvd.nist.gov twitter.com |
|
LOW |
CVE-2020-35501: kernel: audit not logging access to syscall open_by_handle_at for users with CAP_DAC_READ_SEARCH capability
A flaw was found in the Linux kernel's implementation of audit rules, where a syscall can unexpectedly not be correctly logged by the audit subsystem.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org listman.redhat.com nvd.nist.gov www.openwall.com |
|
LOW |
CVE-2021-26934: An issue was discovered in the Linux kernel 4.18 through 5.10.16, as u ...
An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: xenbits.xen.org cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com www.openwall.com xenbits.xen.org |
|
LOW |
CVE-2021-32078: kernel: out-of-bounds read in arch/arm/mach-footbridge/personal-pci.c due to improper input validation
An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: access.redhat.com cve.mitre.org git.kernel.org git.kernel.org github.com kirtikumarar.com nvd.nist.gov security.netapp.com |
|
LOW |
CVE-2022-25265: kernel: Executable Space Protection Bypass
In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.
Package Name: linux-libc-dev
Installed Version: 5.10.127-1
Fixed Version:
References: access.redhat.com github.com github.com nvd.nist.gov security.netapp.com |
|
LOW |
CVE-2007-5686: initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
Package Name: login
Installed Version: 1:4.8.1-1
Fixed Version:
References: secunia.com www.securityfocus.com www.securityfocus.com www.securityfocus.com www.vupen.com issues.rpath.com |
|
LOW |
CVE-2013-4235: shadow-utils: TOCTOU race conditions by copying and removing directory trees
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
Package Name: login
Installed Version: 1:4.8.1-1
Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com cve.mitre.org lists.apache.org security-tracker.debian.org |
|
LOW |
CVE-2019-19882: shadow-utils: local users can obtain root access because setuid programs are misconfigured
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).
Package Name: login
Installed Version: 1:4.8.1-1
Fixed Version:
References: access.redhat.com bugs.archlinux.org bugs.gentoo.org github.com github.com github.com security.gentoo.org |
|
LOW |
CVE-2008-1687: m4: unquoted output of maketemp and mkstemp
The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.
Package Name: m4
Installed Version: 1.4.18-5
Fixed Version:
References: secunia.com secunia.com slackware.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.securityfocus.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com |
|
LOW |
CVE-2008-1688: m4: code execution via -F argument
Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries.
Package Name: m4
Installed Version: 1.4.18-5
Fixed Version:
References: osvdb.org secunia.com secunia.com slackware.com www.openwall.com www.openwall.com www.securityfocus.com www.vupen.com access.redhat.com exchange.xforce.ibmcloud.com |
|
LOW |
CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
Package Name: mount
Installed Version: 2.36.1-8+deb11u1
Fixed Version:
References: access.redhat.com lore.kernel.org nvd.nist.gov security.netapp.com |
|
LOW |
CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Package Name: ncurses-base
Installed Version: 6.2+20201114-2
Fixed Version:
References: cvsweb.netbsd.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com |
|
LOW |
CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Package Name: ncurses-bin
Installed Version: 6.2+20201114-2
Fixed Version:
References: cvsweb.netbsd.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com |
|
LOW |
CVE-2007-2243: OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabl ...
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
Package Name: openssh-client
Installed Version: 1:8.4p1-5+deb11u1
Fixed Version:
References: lists.grok.org.uk lists.grok.org.uk securityreason.com www.osvdb.org www.securityfocus.com exchange.xforce.ibmcloud.com security.netapp.com |
|
LOW |
CVE-2007-2768: OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, a ...
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
Package Name: openssh-client
Installed Version: 1:8.4p1-5+deb11u1
Fixed Version:
References: archives.neohapsis.com www.osvdb.org nvd.nist.gov security.netapp.com |
|
LOW |
CVE-2008-3234: sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapsh ...
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
Package Name: openssh-client
Installed Version: 1:8.4p1-5+deb11u1
Fixed Version:
References: www.securityfocus.com exchange.xforce.ibmcloud.com www.exploit-db.com |
|
LOW |
CVE-2016-20012: openssh: Public key information leak
** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product.
Package Name: openssh-client
Installed Version: 1:8.4p1-5+deb11u1
Fixed Version:
References: access.redhat.com github.com github.com github.com github.com nvd.nist.gov rushter.com security.netapp.com utcc.utoronto.ca www.openwall.com |
|
LOW |
CVE-2018-15919: openssh: User enumeration via malformed packets in authentication requests
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'
Package Name: openssh-client
Installed Version: 1:8.4p1-5+deb11u1
Fixed Version:
References: seclists.org www.securityfocus.com access.redhat.com security.netapp.com |
|
LOW |
CVE-2019-6110: openssh: Acceptance and display of arbitrary stderr allows for spoofing of scp client output
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
Package Name: openssh-client
Installed Version: 1:8.4p1-5+deb11u1
Fixed Version:
References: access.redhat.com cvsweb.openbsd.org cvsweb.openbsd.org security.gentoo.org security.netapp.com sintonen.fi www.exploit-db.com |
|
LOW |
CVE-2020-14145: openssh: Observable discrepancy leading to an information leak in the algorithm negotiation
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
Package Name: openssh-client
Installed Version: 1:8.4p1-5+deb11u1
Fixed Version:
References: www.openwall.com access.redhat.com anongit.mindrot.org cve.mitre.org docs.ssh-mitm.at github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov security.gentoo.org security.netapp.com www.fzi.de www.fzi.de |
|
LOW |
CVE-2020-15778: openssh: scp allows command injection when using backtick characters in the destination argument
** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
Package Name: openssh-client
Installed Version: 1:8.4p1-5+deb11u1
Fixed Version:
References: access.redhat.com access.redhat.com github.com github.com news.ycombinator.com nvd.nist.gov security.netapp.com www.openssh.com |
|
LOW |
CVE-2021-36368: openssh: possible bypass of fido 2 devices and ssh-askpass
** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass, since nothing is being bypassed."
Package Name: openssh-client
Installed Version: 1:8.4p1-5+deb11u1
Fixed Version:
References: access.redhat.com bugzilla.mindrot.org docs.ssh-mitm.at github.com nvd.nist.gov security-tracker.debian.org www.openssh.com |
|
LOW |
CVE-2007-6755: Dual_EC_DRBG: weak pseudo random number generator
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
Package Name: openssl
Installed Version: 1.1.1n-0+deb11u3
Fixed Version:
References: arstechnica.com blog.cryptographyengineering.com blog.cryptographyengineering.com rump2007.cr.yp.to stream.wsj.com threatpost.com www.securityfocus.com access.redhat.com www.schneier.com |
|
LOW |
CVE-2010-0928: openssl: RSA authentication weakness
OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
Package Name: openssl
Installed Version: 1.1.1n-0+deb11u3
Fixed Version:
References: rdist.root.org www.eecs.umich.edu www.networkworld.com www.osvdb.org www.theregister.co.uk access.redhat.com exchange.xforce.ibmcloud.com |
|
LOW |
CVE-2007-5686: initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
Package Name: passwd
Installed Version: 1:4.8.1-1
Fixed Version:
References: secunia.com www.securityfocus.com www.securityfocus.com www.securityfocus.com www.vupen.com issues.rpath.com |
|
LOW |
CVE-2013-4235: shadow-utils: TOCTOU race conditions by copying and removing directory trees
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
Package Name: passwd
Installed Version: 1:4.8.1-1
Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com cve.mitre.org lists.apache.org security-tracker.debian.org |
|
LOW |
CVE-2019-19882: shadow-utils: local users can obtain root access because setuid programs are misconfigured
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).
Package Name: passwd
Installed Version: 1:4.8.1-1
Fixed Version:
References: access.redhat.com bugs.archlinux.org bugs.gentoo.org github.com github.com github.com security.gentoo.org |
|
LOW |
CVE-2010-4651: patch: directory traversal flaw allows for arbitrary file creation
Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.
Package Name: patch
Installed Version: 2.7.6-7
Fixed Version:
References: git.savannah.gnu.org lists.apple.com lists.fedoraproject.org lists.fedoraproject.org lists.gnu.org openwall.com openwall.com openwall.com openwall.com secunia.com secunia.com support.apple.com www.securityfocus.com www.vupen.com access.redhat.com bugzilla.redhat.com cve.mitre.org ubuntu.com |
|
LOW |
CVE-2018-6951: patch: NULL pointer dereference in pch.c:intuit_diff_type() causes a crash
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.
Package Name: patch
Installed Version: 2.7.6-7
Fixed Version:
References: www.securityfocus.com access.redhat.com cve.mitre.org git.savannah.gnu.org nvd.nist.gov savannah.gnu.org security.gentoo.org ubuntu.com usn.ubuntu.com |
|
LOW |
CVE-2018-6952: patch: Double free of memory in pch.c:another_hunk() causes a crash
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
Package Name: patch
Installed Version: 2.7.6-7
Fixed Version:
References: www.securityfocus.com access.redhat.com access.redhat.com cve.mitre.org linux.oracle.com linux.oracle.com nvd.nist.gov savannah.gnu.org security.gentoo.org |
|
LOW |
CVE-2021-45261: patch: Invalid Pointer via another_hunk function
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.
Package Name: patch Installed Version: 2.7.6-7 Fixed Version: References: access.redhat.com cve.mitre.org savannah.gnu.org |
|
LOW |
CVE-2011-4116: perl: File::Temp insecure temporary file handling
_is_safe in the File::Temp module for Perl does not properly handle symlinks.
Package Name: perl Installed Version: 5.32.1-4+deb11u2 Fixed Version: References: www.openwall.com www.openwall.com access.redhat.com github.com rt.cpan.org seclists.org |
|
LOW |
CVE-2011-4116: perl: File::Temp insecure temporary file handling
_is_safe in the File::Temp module for Perl does not properly handle symlinks.
Package Name: perl-base Installed Version: 5.32.1-4+deb11u2 Fixed Version: References: www.openwall.com www.openwall.com access.redhat.com github.com rt.cpan.org seclists.org |
|
LOW |
CVE-2011-4116: perl: File::Temp insecure temporary file handling
_is_safe in the File::Temp module for Perl does not properly handle symlinks.
Package Name: perl-modules-5.32 Installed Version: 5.32.1-4+deb11u2 Fixed Version: References: www.openwall.com www.openwall.com access.redhat.com github.com rt.cpan.org seclists.org |
|
LOW |
CVE-2020-27619: python: Unsafe use of eval() on data retrieved via HTTP in the test suite
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
Package Name: python3.9 Installed Version: 3.9.2-1 Fixed Version: References: access.redhat.com bugs.python.org cve.mitre.org errata.almalinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com lists.apache.org lists.apache.org lists.apache.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com |
|
LOW |
CVE-2020-27619: python: Unsafe use of eval() on data retrieved via HTTP in the test suite
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
Package Name: python3.9-minimal Installed Version: 3.9.2-1 Fixed Version: References: access.redhat.com bugs.python.org cve.mitre.org errata.almalinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com lists.apache.org lists.apache.org lists.apache.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com |
|
LOW |
CVE-2005-2541: tar: does not properly warn the user when extracting setuid or setgid files
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
Package Name: tar Installed Version: 1.34+dfsg-1 Fixed Version: References: marc.info access.redhat.com lists.apache.org |
|
LOW |
CVE-2021-4217: unzip: Null pointer dereference in Unicode strings code
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
Package Name: unzip Installed Version: 6.0-26 Fixed Version: References: access.redhat.com cve.mitre.org |
|
LOW |
CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
Package Name: util-linux Installed Version: 2.36.1-8+deb11u1 Fixed Version: References: access.redhat.com lore.kernel.org nvd.nist.gov security.netapp.com |
|
LOW |
CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
Package Name: uuid-dev Installed Version: 2.36.1-8+deb11u1 Fixed Version: References: access.redhat.com lore.kernel.org nvd.nist.gov security.netapp.com |
|
Target: | Node.js | |
CRITICAL |
CVE-2019-10744: nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Package Name: lodash Installed Version: 4.17.0 Fixed Version: 4.17.12 References: access.redhat.com access.redhat.com github.com github.com nvd.nist.gov security.netapp.com snyk.io support.f5.com www.npmjs.com www.oracle.com www.oracle.com |
|
HIGH |
CVE-2018-16487: lodash: Prototype pollution in utilities function
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
Package Name: lodash Installed Version: 4.17.0 Fixed Version: >=4.17.11 References: access.redhat.com cve.mitre.org github.com hackerone.com nvd.nist.gov security.netapp.com www.npmjs.com |
|
HIGH |
CVE-2020-8203: nodejs-lodash: prototype pollution in zipObjectDeep function
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
Package Name: lodash Installed Version: 4.17.0 Fixed Version: 4.17.20 References: access.redhat.com github.com github.com github.com github.com hackerone.com nvd.nist.gov security.netapp.com www.npmjs.com www.oracle.com www.oracle.com www.oracle.com www.oracle.com www.oracle.com |
|
HIGH |
CVE-2021-23337: nodejs-lodash: command injection via template
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Package Name: lodash Installed Version: 4.17.0 Fixed Version: 4.17.21 References: access.redhat.com cve.mitre.org github.com github.com github.com github.com nvd.nist.gov security.netapp.com snyk.io snyk.io snyk.io snyk.io snyk.io snyk.io www.oracle.com www.oracle.com www.oracle.com |
|
MEDIUM |
CVE-2019-1010266: lodash: uncontrolled resource consumption in Data handler causing denial of service
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.
Package Name: lodash Installed Version: 4.17.0 Fixed Version: 4.17.11 References: access.redhat.com cve.mitre.org github.com github.com github.com github.com nvd.nist.gov security.netapp.com snyk.io |
|
MEDIUM |
CVE-2020-28500: nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Package Name: lodash Installed Version: 4.17.0 Fixed Version: 4.17.21 References: access.redhat.com cve.mitre.org github.com github.com github.com github.com github.com nvd.nist.gov security.netapp.com snyk.io snyk.io snyk.io snyk.io snyk.io snyk.io www.oracle.com www.oracle.com www.oracle.com |
|
LOW |
CVE-2018-3721: lodash: Prototype pollution in utilities function
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Package Name: lodash Installed Version: 4.17.0 Fixed Version: >=4.17.5 References: access.redhat.com cve.mitre.org github.com github.com hackerone.com nvd.nist.gov security.netapp.com snyk.io www.npmjs.com
These instructions assume you have set up the repository first (or read it).
To pull example @ reference/tag latest:
docker pull docker.cloudsmith.io/cloudsmith/examples/example:latest
To refer to this image after pulling in a Dockerfile, specify the following:
FROM docker.cloudsmith.io/cloudsmith/examples/example:latest