Cloudsmith - Repositories - demo-docs (demo-docs) - awesome-repo (awesome-repo) - library/nginx

Package Search Help

You can use boolean logic (e.g. AND/OR/NOT) for complex search queries. For more help and examples, see the search documentation.

Search by package name:
my-package _(implicit)
name:my-package _(explicit)

Search by package filename:
filename:my-package.ext

Search by package tag:
tag:latest

Search by package version:
version:1.0.0 prerelease:true _{(prereleases)}
prerelease:false _{(no prereleases)}

Search by package architecture:
architecture:x86_64

Search by package distribution:
distribution:el

Search by package license:
license:MIT

Search by package format:
format:deb

Search by package status:
status:in_progress

Search by package file checksum:
checksum:5afba

Search by package security status:
severity:critical

Search by package vulnerabilities:
vulnerabilities:>1
vulnerabilities:<1000

Search by # of package downloads:
downloads:>8
downloads:<100

Search by package type:
type:binary
type:source

Search by package size (bytes):
size:>50000
size:<10000

Search by dependency name/version:
dependency:log4j
dependency:log4j=1.0.0
dependency:log4j>1.0.0

Search by uploaded date:
uploaded:>"1 day ago"
uploaded:<"August 14, 2022 EST"

Search by entitlement token (identifier):
entitlement:3lKPVJPosCsY

Search by policy violation:
policy_violated:true
deny_policy_violated:true
license_policy_violated:true
vulnerability_policy_violated:true

Search by repository:
repository:repo-name

Search by last download date:
last_downloaded:<"30 days ago"
last_downloaded:>"August 14, 2022 EST"

Search queries for all Debian-specific (and related) package types

Search by component:
deb_component:unstable

Search queries for all Maven-specific (and related) package types

Search by group ID:
maven_group_id:org.apache

Search queries for all Docker-specific (and related) package types

Search by image digest:
docker_image_digest:sha256:7c5..6d4
(full hashref only)

Search by layer digest:
docker_layer_digest:sha256:4c4..ae4
(full hashref only)

Search queries for all Generic-specific package types

Search by file path:
generic_filepath:path/to/file.txt

Search by directory:
generic_directory:path/to

Field type modifiers (depending on the type, you can influence behaviour)

For all queries, you can use:
~foo for negation

For string queries, you can use:
^foo to anchor to start of term
foo$ to anchor to end of term
foo*bar for fuzzy matching

For number/date or version queries, you can use:
>foo for values greater than
>=foo for values greater / equal
<foo for values less than
<=foo for values less / equal

Need a secure and centralised artifact repository to deliver Alpine, Cargo, CocoaPods, Composer, Conan, Conda, CRAN, Dart, Debian, Docker, Generic, Go, Helm, Hex, HuggingFace, LuaRocks, Maven, MCP, npm, NuGet, P2, Python, RedHat, Ruby, Swift, Terraform, Vagrant, VSX, Raw & More packages?

Cloudsmith is the new standard in Package / Artifact Management and Software Distribution.

With support for all major package formats, you can trust us to manage your software supply chain.

Start My Free Trial

Set Me Up

Public — demo-docs / awesome-repo

A certifiably-awesome public package repository curated by demo-docs, hosted by Cloudsmith.

Package Policy Violations

This package is in violation of the following policy.

Medium severity CVEs:

A security scan detected a vulnerability with a severity which is not permitted by this policy.

library/nginx 6c8dff1ca002b67bb2392d8bc33…

Download

One-liner (summary)

A certifiably-awesome package curated by Cloudsmith, hosted by Cloudsmith.

Description

A certifiably-awesome package curated by Cloudsmith, hosted by Cloudsmith.

License

Unknown

Size

65.3 MB

Downloads

Status	Completed
Checksum (MD5)	78825c6717badeeea72017556d383475
Checksum (SHA-1)	10dfeb4e2ffa5ef31b5e01d9f36d5d10eb6289cc
Checksum (SHA-256)	6c8dff1ca002b67bb2392d8bc33e9760f51cc2d3fa63236d1a82208c70e6d96e
Checksum (SHA-512)	739b7a45619316088939f91c3ce149e95560cfdb5e7ecf13f8d9c462274ceaa707…
GPG Signature	Download
GPG Fingerprint	6811684bac0b8895434e97bdd4391b8fb999e537
Storage Region	Dublin, Ireland
Type	Binary (contains binaries and binary artifacts)
Uploaded At	9 months, 3 weeks ago
Uploaded By
Slug Id	librarynginx-d5rm
Unique Id	ljEba6vj2uw6
Version (Raw)	6c8dff1ca002b67bb2392d8bc33e9760f51cc2d3fa63236d1a82208c70e6d96e
Version (Parsed)	Type: Unknown
	docker-specific metadata
Image Digest	sha256:6c8dff1ca002b67bb2392d8bc33e9760f51cc2d3fa63236d1a82208c70e6d96e
Config Digest	sha256:4484bcd7ab56e5cc91c66f3ac79af4a178fa107ba1ed56043bbf34748f7e4008
V1 OCI Index Digest	sha256:fad565385e1760f5a96c4e4c95cd923059fb06d51e2e584a4f508381b48ec6a7
V1 Distribution (Signed) Digest	sha256:b0ccd967d6f67c4f625a3d02c737e1a143f63fe1c466a1d2712ce5c66ad5d649
V2 Distribution List Digest	sha256:a7a1550e69dee379519d0fb32d72ea2368e22ad56c0146384c4ff83dacb1de10
V2 Distribution Digest	sha256:d03713321b010f13c4e0b76275d0d5843088e6d52533338fc7f5460e8fbea650
V1 Distribution Digest	sha256:d2a7a003d17d0f8025666fed5167b913db84a987ccbfa866d3d127676bfe2627
V1 OCI Digest	sha256:6c8dff1ca002b67bb2392d8bc33e9760f51cc2d3fa63236d1a82208c70e6d96e
	extended metadata
Manifest Type	V1 OCI
Architecture	mips64le
Config	Cmd nginx -g daemon off; Entrypoint /docker-entrypoint.sh Env DYNPKG_RELEASE=1~bookworm \| NGINX_VERSION=1.27.5 \| NJS_RELEASE=1~bookworm \| NJS_VERSION=0.8.10 \| PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \| PKG_RELEASE=1~bookworm Exposed Ports 80/tcp Labels 'maintainer' 'NGINX Docker Maintainers <docker-maint@nginx.com>' Stop Signal SIGQUIT
Created	2025-04-16 14:50:31 UTC
Os	linux

library/nginx 89525ec29fd002ada8f7981d7a8aad5bed01a65…	image s390x linux upstream dockerhub SBOMcheck 64.0 MB — 9 months, 3 weeks ago	3
library/nginx e6017bb25206300fa159619f19498e0d682d0b4…	image arm64 linux upstream dockerhub SBOMcheck 65.6 MB — 9 months, 3 weeks ago	5
library/nginx ee5d7cac6f3353e0d19fb011d62d827c982b9a5…	image arm linux upstream dockerhub SBOMcheck 58.0 MB — 9 months, 3 weeks ago	3
library/nginx 6dc08a9d8ed62c0899d1406e851727cad3ce7cf…	image arm linux upstream dockerhub SBOMcheck 59.6 MB — 9 months, 3 weeks ago	3
library/nginx fafd5f55296511cd0f1c991efa0cb85f323449b…	image amd64 linux upstream dockerhub SBOMcheck 69.0 MB — 9 months, 3 weeks ago	3
library/nginx 6c8dff1ca002b67bb2392d8bc33e9760f51cc2d…	image mips64le linux upstream dockerhub SBOMcheck 65.3 MB — 9 months, 3 weeks ago	3
library/nginx 2b224f2786060b77e5d5cc376b98dbb6cf06235…	image ppc64le linux upstream dockerhub SBOMcheck 73.5 MB — 9 months, 3 weeks ago	4
library/nginx 2c1ee2371c776670cebad7f4fee298ed8979fdf…	image 386 linux upstream dockerhub SBOMcheck 67.5 MB — 9 months, 3 weeks ago	3

Last scanned

9 months, 3 weeks ago

Scan result

Vulnerable

Vulnerability count

152

Max. severity

Critical

Target:	ljEba6vj2uw6.sbom-cyclonedx.json (debian 12.11)
CRITICAL	CVE-2023-6879: aom: heap-buffer-overflow on frame size change Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). Package Name: libaom3 Installed Version: 3.6.0-1+deb12u1 Fixed Version: References: access.redhat.com aomedia.googlesource.com crbug.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov www.cve.org
CRITICAL	CVE-2025-49794: libxml: Heap use after free (UAF) leads to Denial of service (DoS) A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors. Package Name: libxml2 Installed Version: 2.9.14+dfsg-1.3~deb12u1 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org
CRITICAL	CVE-2025-49796: libxml: Type confusion leads to Denial of service (DoS) A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory. Package Name: libxml2 Installed Version: 2.9.14+dfsg-1.3~deb12u1 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org
CRITICAL	CVE-2023-45853: zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6 MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API. Package Name: zlib1g Installed Version: 1:1.2.13.dfsg-1 Fixed Version: References: www.openwall.com www.openwall.com access.redhat.com chromium.googlesource.com chromium.googlesource.com github.com github.com github.com github.com github.com lists.debian.org nvd.nist.gov pypi.org security.gentoo.org security.netapp.com security.netapp.com ubuntu.com www.cve.org www.winimage.com
HIGH	CVE-2023-39616: AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read mem ... AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h. Package Name: libaom3 Installed Version: 3.6.0-1+deb12u1 Fixed Version: References: bugs.chromium.org
HIGH	CVE-2025-4802: glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). Package Name: libc-bin Installed Version: 2.36-9+deb12u10 Fixed Version: References: www.openwall.com www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com errata.almalinux.org linux.oracle.com linux.oracle.com nvd.nist.gov sourceware.org sourceware.org sourceware.org ubuntu.com www.cve.org www.openwall.com www.openwall.com
HIGH	CVE-2025-4802: glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). Package Name: libc6 Installed Version: 2.36-9+deb12u10 Fixed Version: References: www.openwall.com www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com errata.almalinux.org linux.oracle.com linux.oracle.com nvd.nist.gov sourceware.org sourceware.org sourceware.org ubuntu.com www.cve.org www.openwall.com www.openwall.com
HIGH	CVE-2023-52425: expat: parsing large tokens can trigger a denial of service libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. Package Name: libexpat1 Installed Version: 2.5.0-1+deb12u1 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
HIGH	CVE-2024-8176: libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. Package Name: libexpat1 Installed Version: 2.5.0-1+deb12u1 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com blog.hartwork.org bugzilla.redhat.com bugzilla.redhat.com bugzilla.suse.com errata.almalinux.org github.com github.com gitlab.alpinelinux.org linux.oracle.com linux.oracle.com nvd.nist.gov security-tracker.debian.org security.netapp.com ubuntu.com ubuntu.com www.cve.org www.kb.cert.org
HIGH	CVE-2025-5222: icu: Stack buffer overflow in the SRBRoot::addTag function A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution. Package Name: libicu72 Installed Version: 72.1-3 Fixed Version: References: access.redhat.com bugzilla.redhat.com lists.debian.org nvd.nist.gov www.cve.org
HIGH	CVE-2023-2953: openldap: null pointer dereference in ber_memalloc_x function A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. Package Name: libldap-2.5-0 Installed Version: 2.5.13+dfsg-5 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com access.redhat.com bugs.openldap.org bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com ubuntu.com ubuntu.com www.cve.org
HIGH	CVE-2023-52355: libtiff: TIFFRasterScanlineSize64 produce too-big size and could cause OOM An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. Package Name: libtiff6 Installed Version: 4.5.0-6+deb12u2 Fixed Version: References: access.redhat.com bugzilla.redhat.com gitlab.com nvd.nist.gov www.cve.org
HIGH	CVE-2024-25062: libxml2: use-after-free in XMLReader An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. Package Name: libxml2 Installed Version: 2.9.14+dfsg-1.3~deb12u1 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org gitlab.gnome.org gitlab.gnome.org linux.oracle.com linux.oracle.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
HIGH	CVE-2024-56171: libxml2: Use-After-Free in libxml2 libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. Package Name: libxml2 Installed Version: 2.9.14+dfsg-1.3~deb12u1 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org gitlab.gnome.org linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com www.cve.org www.openwall.com
HIGH	CVE-2025-24928: libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2 libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. Package Name: libxml2 Installed Version: 2.9.14+dfsg-1.3~deb12u1 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org gitlab.gnome.org issues.oss-fuzz.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com www.cve.org www.openwall.com
HIGH	CVE-2025-27113: libxml2: NULL Pointer Dereference in libxml2 xmlPatMatch libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. Package Name: libxml2 Installed Version: 2.9.14+dfsg-1.3~deb12u1 Fixed Version: References: access.redhat.com gitlab.gnome.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org www.openwall.com
HIGH	CVE-2025-32414: libxml2: Out-of-Bounds Read in libxml2 In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters. Package Name: libxml2 Installed Version: 2.9.14+dfsg-1.3~deb12u1 Fixed Version: References: access.redhat.com gitlab.gnome.org linux.oracle.com linux.oracle.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
HIGH	CVE-2025-32415: libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. Package Name: libxml2 Installed Version: 2.9.14+dfsg-1.3~deb12u1 Fixed Version: References: access.redhat.com gitlab.gnome.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
HIGH	CVE-2025-49795: libxml: Null pointer dereference leads to Denial of service (DoS) A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service. Package Name: libxml2 Installed Version: 2.9.14+dfsg-1.3~deb12u1 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org
HIGH	CVE-2025-6021: libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. Package Name: libxml2 Installed Version: 2.9.14+dfsg-1.3~deb12u1 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org
HIGH	CVE-2023-31484: perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. Package Name: perl-base Installed Version: 5.36.0-7+deb12u2 Fixed Version: References: www.openwall.com www.openwall.com www.openwall.com www.openwall.com access.redhat.com access.redhat.com blog.hackeriet.no bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org metacpan.org nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com www.cve.org www.openwall.com
MEDIUM	CVE-2023-32570: VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that ca ... VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. Package Name: libdav1d6 Installed Version: 1.0.0-2+deb12u1 Fixed Version: References: code.videolan.org code.videolan.org lists.fedoraproject.org lists.fedoraproject.org security.gentoo.org
MEDIUM	CVE-2023-51792: Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attac ... Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via the allocation size exceeding the maximum supported size of 0x10000000000. Package Name: libde265-0 Installed Version: 1.0.11-1+deb12u2 Fixed Version: References: github.com github.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org ubuntu.com www.cve.org
MEDIUM	CVE-2024-38949: Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attacker ... Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc Package Name: libde265-0 Installed Version: 1.0.11-1+deb12u2 Fixed Version: References: github.com github.com www.cve.org
MEDIUM	CVE-2024-38950: Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attacker ... Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function. Package Name: libde265-0 Installed Version: 1.0.11-1+deb12u2 Fixed Version: References: github.com github.com www.cve.org
MEDIUM	CVE-2024-50602: libexpat: expat: DoS via XML_ResumeParser An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. Package Name: libexpat1 Installed Version: 2.5.0-1+deb12u1 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
MEDIUM	CVE-2025-3576: krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. Package Name: libgssapi-krb5-2 Installed Version: 1.20.1-2+deb12u3 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2025-3576: krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. Package Name: libk5crypto3 Installed Version: 1.20.1-2+deb12u3 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2025-3576: krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. Package Name: libkrb5-3 Installed Version: 1.20.1-2+deb12u3 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2025-3576: krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. Package Name: libkrb5support0 Installed Version: 1.20.1-2+deb12u3 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov ubuntu.com www.cve.org
MEDIUM	CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed password A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. Package Name: libpam-modules Installed Version: 1.5.2-6+deb12u1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2024-22365: pam: allowing unprivileged user to block another user namespace linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. Package Name: libpam-modules Installed Version: 1.5.2-6+deb12u1 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.openwall.com
MEDIUM	CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed password A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. Package Name: libpam-modules-bin Installed Version: 1.5.2-6+deb12u1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2024-22365: pam: allowing unprivileged user to block another user namespace linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. Package Name: libpam-modules-bin Installed Version: 1.5.2-6+deb12u1 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.openwall.com
MEDIUM	CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed password A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. Package Name: libpam-runtime Installed Version: 1.5.2-6+deb12u1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2024-22365: pam: allowing unprivileged user to block another user namespace linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. Package Name: libpam-runtime Installed Version: 1.5.2-6+deb12u1 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.openwall.com
MEDIUM	CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed password A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. Package Name: libpam0g Installed Version: 1.5.2-6+deb12u1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2024-22365: pam: allowing unprivileged user to block another user namespace linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. Package Name: libpam0g Installed Version: 1.5.2-6+deb12u1 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.openwall.com
MEDIUM	CVE-2023-6277: libtiff: Out-of-memory in TIFFOpen via a craft file An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB. Package Name: libtiff6 Installed Version: 4.5.0-6+deb12u2 Fixed Version: References: seclists.org seclists.org seclists.org seclists.org seclists.org seclists.org seclists.org seclists.org access.redhat.com bugzilla.redhat.com gitlab.com gitlab.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com support.apple.com support.apple.com support.apple.com support.apple.com support.apple.com ubuntu.com ubuntu.com www.cve.org
MEDIUM	CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry() NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). Package Name: libtinfo6 Installed Version: 6.4-4 Fixed Version: References: access.redhat.com lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
MEDIUM	CVE-2022-49043: libxml: use-after-free in xmlXIncludeAddNode xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. Package Name: libxml2 Installed Version: 2.9.14+dfsg-1.3~deb12u1 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com gitlab.gnome.org linux.oracle.com linux.oracle.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
MEDIUM	CVE-2023-39615: libxml2: crafted xml can cause global buffer overflow Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input. Package Name: libxml2 Installed Version: 2.9.14+dfsg-1.3~deb12u1 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org gitlab.gnome.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2023-45322: libxml2: use-after-free in xmlUnlinkNode() in tree.c libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail." Package Name: libxml2 Installed Version: 2.9.14+dfsg-1.3~deb12u1 Fixed Version: References: www.openwall.com access.redhat.com gitlab.gnome.org gitlab.gnome.org nvd.nist.gov www.cve.org
MEDIUM	CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry() NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). Package Name: ncurses-base Installed Version: 6.4-4 Fixed Version: References: access.redhat.com lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
MEDIUM	CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry() NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). Package Name: ncurses-bin Installed Version: 6.4-4 Fixed Version: References: access.redhat.com lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
MEDIUM	CVE-2025-40909: perl: Perl threads have a working directory race condition where file operations may target unintended paths Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6 Package Name: perl-base Installed Version: 5.36.0-7+deb12u2 Fixed Version: References: www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com access.redhat.com bugs.debian.org github.com github.com github.com github.com nvd.nist.gov perldoc.perl.org www.cve.org www.openwall.com
LOW	CVE-2011-3374: It was found that apt-key in apt, all versions, do not correctly valid ... It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack. Package Name: apt Installed Version: 2.6.1 Fixed Version: References: access.redhat.com bugs.debian.org people.canonical.com seclists.org security-tracker.debian.org snyk.io ubuntu.com
LOW	TEMP-0841856-B18BAF: [Privilege escalation possible to other user than root] Package Name: bash Installed Version: 5.2.15-2+b8 Fixed Version: References:
LOW	CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. Package Name: bsdextrautils Installed Version: 2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com blog.trailofbits.com lore.kernel.org lore.kernel.org nvd.nist.gov security.gentoo.org security.netapp.com www.cve.org
LOW	CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. Package Name: bsdutils Installed Version: 1:2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com blog.trailofbits.com lore.kernel.org lore.kernel.org nvd.nist.gov security.gentoo.org security.netapp.com www.cve.org
LOW	CVE-2016-2781: coreutils: Non-privileged session can escape to the parent session in chroot chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. Package Name: coreutils Installed Version: 9.1-1 Fixed Version: References: seclists.org www.openwall.com www.openwall.com access.redhat.com lists.apache.org lore.kernel.org mirrors.edge.kernel.org nvd.nist.gov www.cve.org
LOW	CVE-2017-18018: coreutils: race condition vulnerability in chown and chgrp In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. Package Name: coreutils Installed Version: 9.1-1 Fixed Version: References: lists.gnu.org access.redhat.com nvd.nist.gov www.cve.org
LOW	CVE-2025-5278: coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data. Package Name: coreutils Installed Version: 9.1-1 Fixed Version: References: www.openwall.com www.openwall.com www.openwall.com access.redhat.com bugzilla.redhat.com cgit.git.savannah.gnu.org cgit.git.savannah.gnu.org nvd.nist.gov security-tracker.debian.org www.cve.org
LOW	CVE-2024-2379: curl: QUIC certificate check bypass with wolfSSL libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems. Package Name: curl Installed Version: 7.88.1-10+deb12u12 Fixed Version: References: seclists.org seclists.org seclists.org www.openwall.com access.redhat.com curl.se curl.se hackerone.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW	CVE-2025-0725: libcurl: Buffer Overflow in libcurl via zlib Integer Overflow When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow. Package Name: curl Installed Version: 7.88.1-10+deb12u12 Fixed Version: References: www.openwall.com www.openwall.com www.openwall.com access.redhat.com curl.se curl.se github.com hackerone.com nvd.nist.gov security.netapp.com www.cve.org
LOW	CVE-2022-27943: binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. Package Name: gcc-12-base Installed Version: 12.2.0-14+deb12u1 Fixed Version: References: access.redhat.com gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org lists.fedoraproject.org nvd.nist.gov sourceware.org www.cve.org
LOW	CVE-2022-3219: gnupg: denial of service issue (resource consumption) using compressed packets GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB. Package Name: gpgv Installed Version: 2.2.40-1.1 Fixed Version: References: access.redhat.com bugzilla.redhat.com dev.gnupg.org dev.gnupg.org marc.info nvd.nist.gov security.netapp.com www.cve.org
LOW	CVE-2025-30258: gnupg: verification DoS due to a malicious subkey in the keyring In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS." Package Name: gpgv Installed Version: 2.2.40-1.1 Fixed Version: References: access.redhat.com dev.gnupg.org dev.gnupg.org lists.gnupg.org nvd.nist.gov ubuntu.com www.cve.org
LOW	CVE-2011-3374: It was found that apt-key in apt, all versions, do not correctly valid ... It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack. Package Name: libapt-pkg6.0 Installed Version: 2.6.1 Fixed Version: References: access.redhat.com bugs.debian.org people.canonical.com seclists.org security-tracker.debian.org snyk.io ubuntu.com
LOW	CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. Package Name: libblkid1 Installed Version: 2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com blog.trailofbits.com lore.kernel.org lore.kernel.org nvd.nist.gov security.gentoo.org security.netapp.com www.cve.org
LOW	CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. Package Name: libc-bin Installed Version: 2.36-9+deb12u10 Fixed Version: References: cxib.net securityreason.com securityreason.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org
LOW	CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227\|)(\\1\\1\|t1\|\\\2537)+' in grep. Package Name: libc-bin Installed Version: 2.36-9+deb12u10 Fixed Version: References: www.securityfocus.com access.redhat.com debbugs.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.f5.com www.cve.org
LOW	CVE-2019-1010022: glibc: stack guard protection bypass GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. Package Name: libc-bin Installed Version: 2.36-9+deb12u10 Fixed Version: References: access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org sourceware.org ubuntu.com www.cve.org
LOW	CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. Package Name: libc-bin Installed Version: 2.36-9+deb12u10 Fixed Version: References: www.securityfocus.com access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org support.f5.com ubuntu.com www.cve.org
LOW	CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. Package Name: libc-bin Installed Version: 2.36-9+deb12u10 Fixed Version: References: www.securityfocus.com access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com www.cve.org
LOW	CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability. Package Name: libc-bin Installed Version: 2.36-9+deb12u10 Fixed Version: References: access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com www.cve.org
LOW	CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\|)(\\1\\1)' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern Package Name:* libc-bin Installed Version: 2.36-9+deb12u10 Fixed Version: References: access.redhat.com nvd.nist.gov sourceware.org support.f5.com www.cve.org
LOW	CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. Package Name: libc6 Installed Version: 2.36-9+deb12u10 Fixed Version: References: cxib.net securityreason.com securityreason.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org
LOW	CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227\|)(\\1\\1\|t1\|\\\2537)+' in grep. Package Name: libc6 Installed Version: 2.36-9+deb12u10 Fixed Version: References: www.securityfocus.com access.redhat.com debbugs.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.f5.com www.cve.org
LOW	CVE-2019-1010022: glibc: stack guard protection bypass GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. Package Name: libc6 Installed Version: 2.36-9+deb12u10 Fixed Version: References: access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org sourceware.org ubuntu.com www.cve.org
LOW	CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. Package Name: libc6 Installed Version: 2.36-9+deb12u10 Fixed Version: References: www.securityfocus.com access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org support.f5.com ubuntu.com www.cve.org
LOW	CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. Package Name: libc6 Installed Version: 2.36-9+deb12u10 Fixed Version: References: www.securityfocus.com access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com www.cve.org
LOW	CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability. Package Name: libc6 Installed Version: 2.36-9+deb12u10 Fixed Version: References: access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com www.cve.org
LOW	CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\|)(\\1\\1)' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern Package Name:* libc6 Installed Version: 2.36-9+deb12u10 Fixed Version: References: access.redhat.com nvd.nist.gov sourceware.org support.f5.com www.cve.org
LOW	CVE-2024-2379: curl: QUIC certificate check bypass with wolfSSL libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems. Package Name: libcurl4 Installed Version: 7.88.1-10+deb12u12 Fixed Version: References: seclists.org seclists.org seclists.org www.openwall.com access.redhat.com curl.se curl.se hackerone.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW	CVE-2025-0725: libcurl: Buffer Overflow in libcurl via zlib Integer Overflow When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow. Package Name: libcurl4 Installed Version: 7.88.1-10+deb12u12 Fixed Version: References: www.openwall.com www.openwall.com www.openwall.com access.redhat.com curl.se curl.se github.com hackerone.com nvd.nist.gov security.netapp.com www.cve.org
LOW	CVE-2023-52426: expat: recursive XML entity expansion vulnerability libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. Package Name: libexpat1 Installed Version: 2.5.0-1+deb12u1 Fixed Version: References: access.redhat.com cwe.mitre.org github.com github.com lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com www.cve.org
LOW	CVE-2024-28757: expat: XML Entity Expansion libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). Package Name: libexpat1 Installed Version: 2.5.0-1+deb12u1 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2022-27943: binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. Package Name: libgcc-s1 Installed Version: 12.2.0-14+deb12u1 Fixed Version: References: access.redhat.com gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org lists.fedoraproject.org nvd.nist.gov sourceware.org www.cve.org
LOW	CVE-2018-6829: libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation. Package Name: libgcrypt20 Installed Version: 1.10.1-3 Fixed Version: References: access.redhat.com github.com github.com lists.gnupg.org nvd.nist.gov www.cve.org www.oracle.com
LOW	CVE-2024-2236: libgcrypt: vulnerable to Marvin Attack A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts. Package Name: libgcrypt20 Installed Version: 1.10.1-3 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com dev.gnupg.org errata.almalinux.org github.com gitlab.com linux.oracle.com linux.oracle.com lists.gnupg.org nvd.nist.gov www.cve.org
LOW	CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. Package Name: libgnutls30 Installed Version: 3.7.9-2+deb12u4 Fixed Version: References: arcticdog.wordpress.com blog.mozilla.com blogs.technet.com blogs.technet.com curl.haxx.se downloads.asterisk.org ekoparty.org eprint.iacr.org eprint.iacr.org googlechromereleases.blogspot.com isc.sans.edu lists.apple.com lists.apple.com lists.apple.com lists.apple.com lists.apple.com lists.apple.com lists.apple.com lists.opensuse.org lists.opensuse.org lists.opensuse.org lists.opensuse.org marc.info marc.info marc.info marc.info marc.info marc.info my.opera.com osvdb.org rhn.redhat.com rhn.redhat.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com security.gentoo.org security.gentoo.org support.apple.com support.apple.com support.apple.com support.apple.com support.apple.com support.apple.com technet.microsoft.com vnhacker.blogspot.com www.apcmedia.com www.debian.org www.educatedguesswork.org www.ibm.com www.imperialviolet.org www.insecure.cl www.kb.cert.org www.mandriva.com www.opera.com www.opera.com www.opera.com www.opera.com www.opera.com www.opera.com www.opera.com www.oracle.com www.oracle.com www.oracle.com www.redhat.com www.redhat.com www.securityfocus.com www.securityfocus.com www.securitytracker.com www.securitytracker.com www.securitytracker.com www.securitytracker.com www.ubuntu.com www.us-cert.gov access.redhat.com blogs.oracle.com bugzilla.novell.com bugzilla.redhat.com cert-portal.siemens.com docs.microsoft.com h20564.www2.hp.com hermes.opensuse.org hermes.opensuse.org ics-cert.us-cert.gov linux.oracle.com linux.oracle.com nvd.nist.gov oval.cisecurity.org ubuntu.com www.cve.org
LOW	CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. Package Name: libgssapi-krb5-2 Installed Version: 1.20.1-2+deb12u3 Fixed Version: References: access.redhat.com github.com lists.apache.org nvd.nist.gov www.cve.org
LOW	CVE-2024-26458: krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. Package Name: libgssapi-krb5-2 Installed Version: 1.20.1-2+deb12u3 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2024-26461: krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. Package Name: libgssapi-krb5-2 Installed Version: 1.20.1-2+deb12u3 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2023-49463: libheif v1.17.5 was discovered to contain a segmentation violation via ... libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc. Package Name: libheif1 Installed Version: 1.15.1-1+deb12u1 Fixed Version: References: github.com github.com ubuntu.com www.cve.org
LOW	CVE-2024-25269: libheif <= 1.17.6 contains a memory leak in the function JpegEncoder:: ... libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack. Package Name: libheif1 Installed Version: 1.15.1-1+deb12u1 Fixed Version: References: github.com
LOW	CVE-2017-9937: libtiff: memory malloc failure in tif_jbig.c could cause DOS. In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack. Package Name: libjbig0 Installed Version: 2.1-6.1 Fixed Version: References: bugzilla.maptools.org www.securityfocus.com access.redhat.com lists.apache.org nvd.nist.gov ubuntu.com www.cve.org
LOW	CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. Package Name: libk5crypto3 Installed Version: 1.20.1-2+deb12u3 Fixed Version: References: access.redhat.com github.com lists.apache.org nvd.nist.gov www.cve.org
LOW	CVE-2024-26458: krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. Package Name: libk5crypto3 Installed Version: 1.20.1-2+deb12u3 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2024-26461: krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. Package Name: libk5crypto3 Installed Version: 1.20.1-2+deb12u3 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. Package Name: libkrb5-3 Installed Version: 1.20.1-2+deb12u3 Fixed Version: References: access.redhat.com github.com lists.apache.org nvd.nist.gov www.cve.org
LOW	CVE-2024-26458: krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. Package Name: libkrb5-3 Installed Version: 1.20.1-2+deb12u3 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2024-26461: krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. Package Name: libkrb5-3 Installed Version: 1.20.1-2+deb12u3 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. Package Name: libkrb5support0 Installed Version: 1.20.1-2+deb12u3 Fixed Version: References: access.redhat.com github.com lists.apache.org nvd.nist.gov www.cve.org
LOW	CVE-2024-26458: krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. Package Name: libkrb5support0 Installed Version: 1.20.1-2+deb12u3 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2024-26461: krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. Package Name: libkrb5support0 Installed Version: 1.20.1-2+deb12u3 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2015-3276: openldap: incorrect multi-keyword mode cipherstring parsing The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. Package Name: libldap-2.5-0 Installed Version: 2.5.13+dfsg-5 Fixed Version: References: rhn.redhat.com www.oracle.com www.securitytracker.com access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
LOW	CVE-2017-14159: openldap: Privilege escalation via PID file manipulation slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript. Package Name: libldap-2.5-0 Installed Version: 2.5.13+dfsg-5 Fixed Version: References: www.openldap.org access.redhat.com nvd.nist.gov www.cve.org www.oracle.com
LOW	CVE-2017-17740: openldap: contrib/slapd-modules/nops/nops.c attempts to free stack buffer allowing remote attackers to cause a denial of service contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. Package Name: libldap-2.5-0 Installed Version: 2.5.13+dfsg-5 Fixed Version: References: lists.opensuse.org lists.opensuse.org www.openldap.org access.redhat.com kc.mcafee.com nvd.nist.gov www.cve.org www.oracle.com
LOW	CVE-2020-15719: openldap: Certificate validation incorrectly matches name against CN-ID libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux. Package Name: libldap-2.5-0 Installed Version: 2.5.13+dfsg-5 Fixed Version: References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com bugs.openldap.org bugzilla.redhat.com kc.mcafee.com nvd.nist.gov www.cve.org www.oracle.com
LOW	CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. Package Name: libmount1 Installed Version: 2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com blog.trailofbits.com lore.kernel.org lore.kernel.org nvd.nist.gov security.gentoo.org security.netapp.com www.cve.org
LOW	CVE-2021-4214: libpng: hardcoded value leads to heap-overflow A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service. Package Name: libpng16-16 Installed Version: 1.6.39-2 Fixed Version: References: access.redhat.com bugzilla.redhat.com github.com nvd.nist.gov security-tracker.debian.org security.netapp.com www.cve.org
LOW	CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. Package Name: libsmartcols1 Installed Version: 2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com blog.trailofbits.com lore.kernel.org lore.kernel.org nvd.nist.gov security.gentoo.org security.netapp.com www.cve.org
LOW	CVE-2025-27587: OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable ... OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system. Package Name: libssl3 Installed Version: 3.0.16-1~deb12u1 Fixed Version: References: github.com github.com github.com minerva.crocs.fi.muni.cz www.cve.org
LOW	CVE-2022-27943: binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. Package Name: libstdc++6 Installed Version: 12.2.0-14+deb12u1 Fixed Version: References: access.redhat.com gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org lists.fedoraproject.org nvd.nist.gov sourceware.org www.cve.org
LOW	CVE-2013-4392: systemd: TOCTOU race condition when updating file permissions and SELinux security contexts systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files. Package Name: libsystemd0 Installed Version: 252.38-1~deb12u1 Fixed Version: References: bugs.debian.org www.openwall.com access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org
LOW	CVE-2023-31437: An issue was discovered in systemd 253. An attacker can modify a seale ... An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." Package Name: libsystemd0 Installed Version: 252.38-1~deb12u1 Fixed Version: References: github.com github.com github.com
LOW	CVE-2023-31438: An issue was discovered in systemd 253. An attacker can truncate a sea ... An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." Package Name: libsystemd0 Installed Version: 252.38-1~deb12u1 Fixed Version: References: github.com github.com github.com github.com
LOW	CVE-2023-31439: An issue was discovered in systemd 253. An attacker can modify the con ... An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." Package Name: libsystemd0 Installed Version: 252.38-1~deb12u1 Fixed Version: References: github.com github.com github.com github.com
LOW	CVE-2017-16232: libtiff: Memory leaks in tif_open.c, tif_lzw.c, and tif_aux.c LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue Package Name: libtiff6 Installed Version: 4.5.0-6+deb12u2 Fixed Version: References: lists.opensuse.org lists.opensuse.org packetstormsecurity.com seclists.org seclists.org www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com nvd.nist.gov www.cve.org
LOW	CVE-2017-17973: libtiff: heap-based use after free in tiff2pdf.c:t2p_writeproc In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue Package Name: libtiff6 Installed Version: 4.5.0-6+deb12u2 Fixed Version: References: bugzilla.maptools.org www.securityfocus.com access.redhat.com bugzilla.novell.com bugzilla.redhat.com nvd.nist.gov www.cve.org
LOW	CVE-2017-5563: libtiff: Heap-buffer overflow in LZWEncode tif_lzw.c LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff. Package Name: libtiff6 Installed Version: 4.5.0-6+deb12u2 Fixed Version: References: bugzilla.maptools.org www.securityfocus.com access.redhat.com nvd.nist.gov security.gentoo.org ubuntu.com usn.ubuntu.com www.cve.org
LOW	CVE-2017-9117: libtiff: Heap-based buffer over-read in bmp2tiff In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the activation point is in the bmp2tiff.c file (which was removed before the 4.0.7 release). Package Name: libtiff6 Installed Version: 4.5.0-6+deb12u2 Fixed Version: References: bugzilla.maptools.org www.securityfocus.com access.redhat.com gitlab.com nvd.nist.gov ubuntu.com usn.ubuntu.com www.cve.org
LOW	CVE-2018-10126: libtiff: NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c. Package Name: libtiff6 Installed Version: 4.5.0-6+deb12u2 Fixed Version: References: bugzilla.maptools.org access.redhat.com gitlab.com lists.apache.org nvd.nist.gov www.cve.org
LOW	CVE-2022-1210: tiff: Malicious file leads to a denial of service in TIFF File Handler A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used. Package Name: libtiff6 Installed Version: 4.5.0-6+deb12u2 Fixed Version: References: access.redhat.com gitlab.com gitlab.com nvd.nist.gov security.gentoo.org security.netapp.com vuldb.com www.cve.org
LOW	CVE-2023-1916: libtiff: out-of-bounds read in extractImageSection() in tools/tiffcrop.c A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x. Package Name: libtiff6 Installed Version: 4.5.0-6+deb12u2 Fixed Version: References: access.redhat.com gitlab.com gitlab.com gitlab.com gitlab.com nvd.nist.gov support.apple.com ubuntu.com www.cve.org
LOW	CVE-2023-3164: libtiff: heap-buffer-overflow in extractImageSection() A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file. Package Name: libtiff6 Installed Version: 4.5.0-6+deb12u2 Fixed Version: References: access.redhat.com bugzilla.redhat.com gitlab.com gitlab.com nvd.nist.gov ubuntu.com www.cve.org
LOW	CVE-2023-6228: libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. Package Name: libtiff6 Installed Version: 4.5.0-6+deb12u2 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2025-6141: gnu-ncurses: ncurses Stack Buffer Overflow A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component. Package Name: libtinfo6 Installed Version: 6.4-4 Fixed Version: References: access.redhat.com invisible-island.net lists.gnu.org lists.gnu.org lists.gnu.org nvd.nist.gov vuldb.com vuldb.com vuldb.com www.cve.org www.gnu.org
LOW	CVE-2013-4392: systemd: TOCTOU race condition when updating file permissions and SELinux security contexts systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files. Package Name: libudev1 Installed Version: 252.38-1~deb12u1 Fixed Version: References: bugs.debian.org www.openwall.com access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org
LOW	CVE-2023-31437: An issue was discovered in systemd 253. An attacker can modify a seale ... An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." Package Name: libudev1 Installed Version: 252.38-1~deb12u1 Fixed Version: References: github.com github.com github.com
LOW	CVE-2023-31438: An issue was discovered in systemd 253. An attacker can truncate a sea ... An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." Package Name: libudev1 Installed Version: 252.38-1~deb12u1 Fixed Version: References: github.com github.com github.com github.com
LOW	CVE-2023-31439: An issue was discovered in systemd 253. An attacker can modify the con ... An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." Package Name: libudev1 Installed Version: 252.38-1~deb12u1 Fixed Version: References: github.com github.com github.com github.com
LOW	CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. Package Name: libuuid1 Installed Version: 2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com blog.trailofbits.com lore.kernel.org lore.kernel.org nvd.nist.gov security.gentoo.org security.netapp.com www.cve.org
LOW	CVE-2024-34459: libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. Package Name: libxml2 Installed Version: 2.9.14+dfsg-1.3~deb12u1 Fixed Version: References: access.redhat.com gitlab.gnome.org gitlab.gnome.org gitlab.gnome.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
LOW	CVE-2025-6170: libxml2: Stack Buffer Overflow in xmllint Interactive Shell Command Handling A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections. Package Name: libxml2 Installed Version: 2.9.14+dfsg-1.3~deb12u1 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org
LOW	CVE-2015-9019: libxslt: math.random() in xslt uses unseeded randomness In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. Package Name: libxslt1.1 Installed Version: 1.1.35-1+deb12u1 Fixed Version: References: access.redhat.com bugzilla.gnome.org bugzilla.suse.com nvd.nist.gov www.cve.org
LOW	CVE-2007-5686: initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ... initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers. Package Name: login Installed Version: 1:4.13+dfsg1-1+deb12u1 Fixed Version: References: secunia.com www.securityfocus.com www.securityfocus.com www.securityfocus.com www.vupen.com issues.rpath.com
LOW	CVE-2024-56433: shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid. Package Name: login Installed Version: 1:4.13+dfsg1-1+deb12u1 Fixed Version: References: access.redhat.com github.com github.com github.com nvd.nist.gov www.cve.org
LOW	TEMP-0628843-DBAD28: [more related to CVE-2005-4890] Package Name: login Installed Version: 1:4.13+dfsg1-1+deb12u1 Fixed Version: References:
LOW	CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. Package Name: mount Installed Version: 2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com blog.trailofbits.com lore.kernel.org lore.kernel.org nvd.nist.gov security.gentoo.org security.netapp.com www.cve.org
LOW	CVE-2025-6141: gnu-ncurses: ncurses Stack Buffer Overflow A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component. Package Name: ncurses-base Installed Version: 6.4-4 Fixed Version: References: access.redhat.com invisible-island.net lists.gnu.org lists.gnu.org lists.gnu.org nvd.nist.gov vuldb.com vuldb.com vuldb.com www.cve.org www.gnu.org
LOW	CVE-2025-6141: gnu-ncurses: ncurses Stack Buffer Overflow A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component. Package Name: ncurses-bin Installed Version: 6.4-4 Fixed Version: References: access.redhat.com invisible-island.net lists.gnu.org lists.gnu.org lists.gnu.org nvd.nist.gov vuldb.com vuldb.com vuldb.com www.cve.org www.gnu.org
LOW	CVE-2009-4487: nginx: Absent sanitation of escape sequences in web server log nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. Package Name: nginx Installed Version: 1.27.5-1~bookworm Fixed Version: References: www.securityfocus.com www.securityfocus.com www.ush.it access.redhat.com nvd.nist.gov www.cve.org
LOW	CVE-2013-0337: The default configuration of nginx, possibly 1.3.13 and earlier, uses ... The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. Package Name: nginx Installed Version: 1.27.5-1~bookworm Fixed Version: References: secunia.com security.gentoo.org www.openwall.com www.openwall.com www.openwall.com
LOW	CVE-2023-44487: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Package Name: nginx Installed Version: 1.27.5-1~bookworm Fixed Version: References: www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com access.redhat.com access.redhat.com access.redhat.com akka.io arstechnica.com arstechnica.com aws.amazon.com aws.amazon.com blog.cloudflare.com blog.cloudflare.com blog.cloudflare.com blog.cloudflare.com blog.litespeedtech.com blog.litespeedtech.com blog.qualys.com blog.vespa.ai blog.vespa.ai bugzilla.proxmox.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.suse.com cgit.freebsd.org chaos.social cloud.google.com cloud.google.com cloud.google.com community.traefik.io cve.mitre.org devblogs.microsoft.com discuss.hashicorp.com edg.io errata.almalinux.org errata.rockylinux.org forums.swift.org gist.github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com github.com go.dev go.dev go.dev groups.google.com groups.google.com istio.io istio.io linkerd.io linkerd.io linux.oracle.com linux.oracle.com lists.apache.org lists.debian.org lists.debian.org lists.debian.org lists.debian.org lists.debian.org lists.debian.org lists.debian.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.w3.org mailman.nginx.org martinthomson.github.io msrc.microsoft.com msrc.microsoft.com msrc.microsoft.com my.f5.com netty.io news.ycombinator.com news.ycombinator.com news.ycombinator.com news.ycombinator.com nodejs.org nvd.nist.gov openssf.org openssf.org pkg.go.dev seanmonstar.com sec.cloudapps.cisco.com security.gentoo.org security.netapp.com security.netapp.com security.netapp.com security.netapp.com security.netapp.com security.netapp.com security.netapp.com security.netapp.com security.paloaltonetworks.com tomcat.apache.org tomcat.apache.org tomcat.apache.org tomcat.apache.org tomcat.apache.org ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com www.bleepingcomputer.com www.bleepingcomputer.com www.cisa.gov www.cisa.gov www.cve.org www.darkreading.com www.debian.org www.debian.org www.debian.org www.debian.org www.debian.org www.debian.org www.eclipse.org www.haproxy.com www.mail-archive.com www.netlify.com www.netlify.com www.nginx.com www.nginx.com www.openwall.com www.phoronix.com www.theregister.com www.theregister.com www.vicarius.io
LOW	CVE-2025-27587: OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable ... OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system. Package Name: openssl Installed Version: 3.0.16-1~deb12u1 Fixed Version: References: github.com github.com github.com minerva.crocs.fi.muni.cz www.cve.org
LOW	CVE-2007-5686: initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ... initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers. Package Name: passwd Installed Version: 1:4.13+dfsg1-1+deb12u1 Fixed Version: References: secunia.com www.securityfocus.com www.securityfocus.com www.securityfocus.com www.vupen.com issues.rpath.com
LOW	CVE-2024-56433: shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid. Package Name: passwd Installed Version: 1:4.13+dfsg1-1+deb12u1 Fixed Version: References: access.redhat.com github.com github.com github.com nvd.nist.gov www.cve.org
LOW	TEMP-0628843-DBAD28: [more related to CVE-2005-4890] Package Name: passwd Installed Version: 1:4.13+dfsg1-1+deb12u1 Fixed Version: References:
LOW	CVE-2011-4116: perl: File:: Temp insecure temporary file handling _is_safe in the File::Temp module for Perl does not properly handle symlinks. Package Name: perl-base Installed Version: 5.36.0-7+deb12u2 Fixed Version: References: www.openwall.com www.openwall.com access.redhat.com github.com nvd.nist.gov rt.cpan.org seclists.org www.cve.org
LOW	CVE-2023-31486: http-tiny: insecure TLS cert default HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. Package Name: perl-base Installed Version: 5.36.0-7+deb12u2 Fixed Version: References: www.openwall.com www.openwall.com www.openwall.com www.openwall.com access.redhat.com access.redhat.com blog.hackeriet.no bugzilla.redhat.com errata.almalinux.org github.com hackeriet.github.io linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com www.cve.org www.openwall.com www.openwall.com www.reddit.com
LOW	TEMP-0517018-A83CE6: [sysvinit: no-root option in expert installer exposes locally exploitable security flaw] Package Name: sysvinit-utils Installed Version: 3.06-4 Fixed Version: References:
LOW	CVE-2005-2541: tar: does not properly warn the user when extracting setuid or setgid files Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges. Package Name: tar Installed Version: 1.34+dfsg-1.2+deb12u1 Fixed Version: References: marc.info access.redhat.com lists.apache.org nvd.nist.gov www.cve.org
LOW	TEMP-0290435-0B57B5: [tar's rmt command may have undesired side effects] Package Name: tar Installed Version: 1.34+dfsg-1.2+deb12u1 Fixed Version: References:
LOW	CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. Package Name: util-linux Installed Version: 2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com blog.trailofbits.com lore.kernel.org lore.kernel.org nvd.nist.gov security.gentoo.org security.netapp.com www.cve.org
LOW	CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. Package Name: util-linux-extra Installed Version: 2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com blog.trailofbits.com lore.kernel.org lore.kernel.org nvd.nist.gov security.gentoo.org security.netapp.com www.cve.org
UNKNOWN	CVE-2025-6020: A flaw was found in linux-pam. The module pam_namespace may use access ... A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. Package Name: libpam-modules Installed Version: 1.5.2-6+deb12u1 Fixed Version: References: www.openwall.com access.redhat.com bugzilla.redhat.com
UNKNOWN	CVE-2025-6020: A flaw was found in linux-pam. The module pam_namespace may use access ... A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. Package Name: libpam-modules-bin Installed Version: 1.5.2-6+deb12u1 Fixed Version: References: www.openwall.com access.redhat.com bugzilla.redhat.com
UNKNOWN	CVE-2025-6020: A flaw was found in linux-pam. The module pam_namespace may use access ... A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. Package Name: libpam-runtime Installed Version: 1.5.2-6+deb12u1 Fixed Version: References: www.openwall.com access.redhat.com bugzilla.redhat.com
UNKNOWN	CVE-2025-6020: A flaw was found in linux-pam. The module pam_namespace may use access ... A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. Package Name: libpam0g Installed Version: 1.5.2-6+deb12u1 Fixed Version: References: www.openwall.com access.redhat.com bugzilla.redhat.com

Package statistics are no longer available on cloudsmith.io. Please visit our new web app to access this feature.

These instructions assume you have setup the repository first (or read it).

To pull library/nginx @ reference/tag sha256:6c8dff1ca002b67bb2392d8bc33e9760f51cc2d3fa63236d1a82208c70e6d96e:

docker pull docker.cloudsmith.io/demo-docs/awesome-repo/library/nginx@sha256:6c8dff1ca002b67bb2392d8bc33e9760f51cc2d3fa63236d1a82208c70e6d96e

You can also pull the latest version of this image (if it exists):

docker pull docker.cloudsmith.io/demo-docs/awesome-repo/library/nginx:latest

To refer to this image after pulling in a Dockerfile, specify the following:

FROM docker.cloudsmith.io/demo-docs/awesome-repo/library/nginx@sha256:6c8dff1ca002b67bb2392d8bc33e9760f51cc2d3fa63236d1a82208c70e6d96e

Still stuck? Need help? Don't panic. Just contact us for help (even if you're not a customer).

Previous Version: 2b224f2786060b77e5d…

Next Version: fafd5f55296511cd0f1…

	Digest: sha256:ac3f61581c7f5755d8598b3a0857c417db0251b17c0e4e4f43a5fc0e24023524 Command: # debian.sh --arch 'mips64el' out/ 'bookworm' '@1749513600'	27.2 MB
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: LABEL maintainer=NGINX Docker Maintainers <docker-maint@nginx.com>	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: ENV NGINX_VERSION=1.27.5	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: ENV NJS_VERSION=0.8.10	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: ENV NJS_RELEASE=1~bookworm	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: ENV PKG_RELEASE=1~bookworm	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: ENV DYNPKG_RELEASE=1~bookworm	32 bytes
	Digest: sha256:fb01944c399fe31563bb197402aa211cd68e8b0440f6ea3a53196cdc85527cef Command: RUN /bin/sh -c set -x && groupadd --system --gid 101 nginx && useradd --system --gid nginx --no-create-home --home /nonexistent --comment "nginx user" --shell /bin/false --uid 101 nginx && apt-get update && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 ca-certificates && NGINX_GPGKEYS="573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 8540A6F18833A80E9C1653A42FD21310B49F6B46 9E9BE90EACBCDE69FE9B204CBCDCD8A38D88A2B3"; NGINX_GPGKEY_PATH=/etc/apt/keyrings/nginx-archive-keyring.gpg; export GNUPGHOME="$(mktemp -d)"; found=''; for NGINX_GPGKEY in $NGINX_GPGKEYS; do for server in hkp://keyserver.ubuntu.com:80 pgp.mit.edu ; do echo "Fetching GPG key $NGINX_GPGKEY from $server"; gpg1 --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; done; test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; done; gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; rm -rf "$GNUPGHOME"; apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* && dpkgArch="$(dpkg --print-architecture)" && nginxPackages=" nginx=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-${DYNPKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-${DYNPKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-${DYNPKG_RELEASE} nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${NJS_RELEASE} " && case "$dpkgArch" in amd64\|arm64) echo "deb [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list && apt-get update ;; ) tempDir="$(mktemp -d)" && chmod 777 "$tempDir" && savedAptMark="$(apt-mark showmanual)" && apt-get update && apt-get install --no-install-recommends --no-install-suggests -y curl devscripts equivs git libxml2-utils lsb-release xsltproc && ( cd "$tempDir" && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" && REVISION=${REVISION%~} && curl -f -L -O https://github.com/nginx/pkg-oss/archive/${REVISION}.tar.gz && PKGOSSCHECKSUM="c773d98b567bd585c17f55702bf3e4c7d82b676bfbde395270e90a704dca3c758dfe0380b3f01770542b4fd9bed1f1149af4ce28bfc54a27a96df6b700ac1745 ${REVISION}.tar.gz" && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then echo "pkg-oss tarball checksum verification succeeded!"; else echo "pkg-oss tarball checksum verification failed!"; exit 1; fi && tar xzvf ${REVISION}.tar.gz && cd pkg-oss-${REVISION} && cd debian && for target in base module-geoip module-image-filter module-njs module-xslt; do make rules-$target; mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" debuild-$target/nginx-$NGINX_VERSION/debian/control; done && make base module-geoip module-image-filter module-njs module-xslt ) && apt-mark showmanual \| xargs apt-mark auto > /dev/null && { [ -z "$savedAptMark" ] \|\| apt-mark manual $savedAptMark; } && ls -lAFh "$tempDir" && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) && grep '^Package: ' "$tempDir/Packages" && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list && apt-get -o Acquire::GzipIndexes=false update ;; esac && apt-get install --no-install-recommends --no-install-suggests -y $nginxPackages gettext-base curl && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/ /etc/apt/sources.list.d/nginx.list && if [ -n "$tempDir" ]; then apt-get purge -y --auto-remove && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; fi && ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log && mkdir /docker-entrypoint.d # buildkit	38.1 MB
	Digest: sha256:32a2ee1d3e420799fb2d07bba67b8e33b86c7853c5b11a981fd5bb101c08724d Command: COPY docker-entrypoint.sh / # buildkit	627 bytes
	Digest: sha256:8f61d5402665573f89c79b2c550d02ee383b79c4eb7b67e5571005d963bdefc6 Command: COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d # buildkit	957 bytes
	Digest: sha256:851ff7c7bf2d57c423b2726b3887f57a696fb431c187974add0ce10acc978575 Command: COPY 15-local-resolvers.envsh /docker-entrypoint.d # buildkit	408 bytes
	Digest: sha256:01cdd9957df03d31e4edfaec4c8597a02805ee907b356d6494ef13d2ba7fb808 Command: COPY 20-envsubst-on-templates.sh /docker-entrypoint.d # buildkit	1.2 KB
	Digest: sha256:78be6ca24ada12b3d3df21e2031b7862ff8de79a4d4b2d4c44592de7c0dee817 Command: COPY 30-tune-worker-processes.sh /docker-entrypoint.d # buildkit	1.4 KB
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: ENTRYPOINT ["/docker-entrypoint.sh"]	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: EXPOSE map[80/tcp:{}]	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: STOPSIGNAL SIGQUIT	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: CMD ["nginx" "-g" "daemon off;"]	32 bytes

Medium severity CVEs:

library/nginx 6c8dff1ca002b67bb2392d8bc33…

One-liner (summary)

Description

License

Size

Downloads

Tags

Last scanned

Scan result

Vulnerability count

Max. severity

CVE-2023-6879: aom: heap-buffer-overflow on frame size change

CVE-2025-49794: libxml: Heap use after free (UAF) leads to Denial of service (DoS)

CVE-2025-49796: libxml: Type confusion leads to Denial of service (DoS)

CVE-2023-45853: zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6

CVE-2023-39616: AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read mem ...

CVE-2025-4802: glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

CVE-2025-4802: glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

CVE-2023-52425: expat: parsing large tokens can trigger a denial of service

CVE-2024-8176: libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat

CVE-2025-5222: icu: Stack buffer overflow in the SRBRoot::addTag function

CVE-2023-2953: openldap: null pointer dereference in ber_memalloc_x function

CVE-2023-52355: libtiff: TIFFRasterScanlineSize64 produce too-big size and could cause OOM

CVE-2024-25062: libxml2: use-after-free in XMLReader

CVE-2024-56171: libxml2: Use-After-Free in libxml2

CVE-2025-24928: libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2

CVE-2025-27113: libxml2: NULL Pointer Dereference in libxml2 xmlPatMatch

CVE-2025-32414: libxml2: Out-of-Bounds Read in libxml2

CVE-2025-32415: libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables

CVE-2025-49795: libxml: Null pointer dereference leads to Denial of service (DoS)

CVE-2025-6021: libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2

CVE-2023-31484: perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS

CVE-2023-32570: VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that ca ...

CVE-2023-51792: Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attac ...

CVE-2024-38949: Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attacker ...

CVE-2024-38950: Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attacker ...

CVE-2024-50602: libexpat: expat: DoS via XML_ResumeParser

CVE-2025-3576: krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions

CVE-2025-3576: krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions

CVE-2025-3576: krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions

CVE-2025-3576: krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions

CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed password

CVE-2024-22365: pam: allowing unprivileged user to block another user namespace

CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed password

CVE-2024-22365: pam: allowing unprivileged user to block another user namespace

CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed password

CVE-2024-22365: pam: allowing unprivileged user to block another user namespace

CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed password

CVE-2024-22365: pam: allowing unprivileged user to block another user namespace

CVE-2023-6277: libtiff: Out-of-memory in TIFFOpen via a craft file

CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()

CVE-2022-49043: libxml: use-after-free in xmlXIncludeAddNode

CVE-2023-39615: libxml2: crafted xml can cause global buffer overflow

CVE-2023-45322: libxml2: use-after-free in xmlUnlinkNode() in tree.c

CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()

CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()

CVE-2025-40909: perl: Perl threads have a working directory race condition where file operations may target unintended paths

CVE-2011-3374: It was found that apt-key in apt, all versions, do not correctly valid ...

TEMP-0841856-B18BAF: [Privilege escalation possible to other user than root]

CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

CVE-2016-2781: coreutils: Non-privileged session can escape to the parent session in chroot

CVE-2017-18018: coreutils: race condition vulnerability in chown and chgrp

CVE-2025-5278: coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification

CVE-2024-2379: curl: QUIC certificate check bypass with wolfSSL

CVE-2025-0725: libcurl: Buffer Overflow in libcurl via zlib Integer Overflow

CVE-2022-27943: binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const

CVE-2022-3219: gnupg: denial of service issue (resource consumption) using compressed packets

CVE-2025-30258: gnupg: verification DoS due to a malicious subkey in the keyring

CVE-2011-3374: It was found that apt-key in apt, all versions, do not correctly valid ...

CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions

CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

CVE-2019-1010022: glibc: stack guard protection bypass

CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation

CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap

CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread

CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions