This package is in violation of the following policy.
Medium severity CVEs:
- A security scan detected a vulnerability with a severity which is not permitted by this policy.
library/postgres
18eb39352d750a4226849c41316…
| Status | Quarantined |
|---|---|
| Checksum (MD5) | 8908609ab374fcd770d4fc15078c18c8 |
| Checksum (SHA-1) | eaf61a831f50e8b606c6a90f805932dca5224268 |
| Checksum (SHA-256) | 18eb39352d750a4226849c41316d6597ff4decc9835beb6f863c03ef6f7c68e2 |
| Checksum (SHA-512) | 5996d39936537c6d5ebe8dffaece930f1239854ccce71f93ddfec6cb5eed6c4cd8… |
| GPG Signature | |
| GPG Fingerprint | 6811684bac0b8895434e97bdd4391b8fb999e537 |
| Storage Region | Dublin, Ireland |
| Type | Binary (contains binaries and binary artifacts) |
| Uploaded At | 9 months, 3 weeks ago |
| Uploaded By | |
| Slug Id | librarypostgres-i31d |
| Unique Id | aVTaYOLAB6SI |
| Version (Raw) | 18eb39352d750a4226849c41316d6597ff4decc9835beb6f863c03ef6f7c68e2 |
| Version (Parsed) | |
| docker-specific metadata | |
| Image Digest | sha256:18eb39352d750a4226849c41316d6597ff4decc9835beb6f863c03ef6f7c68e2 |
| Config Digest | sha256:7ae2a526111afddfefc53152b5d64173ffd0a2d7c201bb93843402ec4c6c265e |
| V1 OCI Index Digest | sha256:ff529d0e33b3c8f9743943448b5e8964770b63e86512245ce7bf8e2aa7b7fe7b |
| V1 Distribution (Signed) Digest | sha256:586e95bdbc5b76fe2b72e6e8b60f2db5c7bc806dbb2fda341613cb3d0e4a93a4 |
| V2 Distribution List Digest | sha256:73b0bbc30405626b627743768ce84a88f6e90d8fe7e2be075e66e4db687c93a2 |
| V2 Distribution Digest | sha256:e56a0908f1ba14d8ca4829db4cda0a8c36edeabbcbf3c5f067c488e44edc46e6 |
| V1 Distribution Digest | sha256:e6693cd0106ebb77cb20e2545425eb69c8ad5137662bcd351da1c5dd69b88030 |
| V1 OCI Digest | sha256:18eb39352d750a4226849c41316d6597ff4decc9835beb6f863c03ef6f7c68e2 |
| extended metadata | |
| Manifest Type | V1 OCI |
| Architecture | amd64 |
| Config | |
| Created | 2025-06-06 18:27:47 UTC |
| Os | linux |
This package was uploaded with the following V1 OCI manifest:
{
"schemaVersion": 2,
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"config": {
"mediaType": "application/vnd.oci.image.config.v1+json",
"digest": "sha256:fbd9a209d4e84eaabbd6659520fef4f00b69474cbef0cd2166666a5459a44478",
"size": 9892
},
"layers": [
{
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"digest": "sha256:dad67da3f26bce15939543965e09c4059533b025f707aad72ed3d3f3a09c66f8",
"size": 28230129
},
{
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"digest": "sha256:eb3a531023c85e7f9c7e37aed7e82f273a5f3e1da98ddf2539cfce4966be655a",
"size": 1167
},
{
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"digest": "sha256:05b641b3bdaba767b3b3d2ad3a2a3f2275e5b465c0168893ba05a8a6a497bd86",
"size": 4533724
},
{
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"digest": "sha256:64e8f1b2b243a4ee0140073607ed2dbfd07b7a6d270556878675d05578be7ad1",
"size": 1446752
},
{
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"digest": "sha256:603ef9fcdd8e51d4e3fe03a7086be65d93c44a81b81e32af1ffd01d00c5b5f28",
"size": 8066278
},
{
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"digest": "sha256:8a1f652e0c97695b220af62c6afc16494c709af1f0b0fce2f2a7bc98be06f4ba",
"size": 1196124
},
{
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"digest": "sha256:c6def2c6e21dbc43cb1480e18969439f026d255d51407cee817b7f9f7e8dbf10",
"size": 116
},
{
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"digest": "sha256:b47a445a47f026e23405fe77a9b53f3561cb5fe89bb2e62dfd40cf7e3375a44d",
"size": 3141
},
{
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"digest": "sha256:c95f49cc11b37dd581567b642d56d72466fa6006ef235962591ab8a5b4a5b36b",
"size": 112804095
},
{
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"digest": "sha256:3664068a9b376780007b23b0e7bcf8d72a7a96251f78d6cf8f8419db30adb5ba",
"size": 10234
},
{
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"digest": "sha256:abfd68ef219e825afc4b79129087da2e9044e003dcb8eed2eacfef787a5b956e",
"size": 127
},
{
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"digest": "sha256:928d00623a6ec029dfc3cc43ff008272a2c365a06a6012924ca7447283f73d97",
"size": 168
},
{
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"digest": "sha256:db3ab53631e4597cad3674c607c0ef112ae876da85109e32afd44a91c9a8f79b",
"size": 5926
},
{
"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
"digest": "sha256:f4ce9941f6e3b0a377adcf4cfa05611503a564b0d451db98aaa1c10a0c2fecd7",
"size": 186
}
],
"annotations": {
"com.docker.official-images.bashbrew.arch": "amd64",
"org.opencontainers.image.base.digest": "sha256:f957d7d19c4171aded89330899c1501c03707d879f200001aa47af87d98b3c70",
"org.opencontainers.image.base.name": "debian:bookworm-slim",
"org.opencontainers.image.created": "2025-06-06T18:27:47Z",
"org.opencontainers.image.revision": "2c6fe8daca9d2ccc143afe6b1cdbc1eb80379d3f",
"org.opencontainers.image.source": "https://github.com/docker-library/postgres.git#2c6fe8daca9d2ccc143afe6b1cdbc1eb80379d3f:17/bookworm",
"org.opencontainers.image.url": "https://hub.docker.com/_/postgres",
"org.opencontainers.image.version": "17.5"
}
}
|
Digest:
sha256:dad67da3f26bce15939543965e09c4059533b025f707aad72ed3d3f3a09c66f8
Command: # debian.sh --arch 'amd64' out/ 'bookworm' '@1749513600' |
26.9 MB | ||
|
Digest:
sha256:eb3a531023c85e7f9c7e37aed7e82f273a5f3e1da98ddf2539cfce4966be655a
Command: RUN /bin/sh -c set -eux; groupadd -r postgres --gid=999; useradd -r -g postgres --uid=999 --home-dir=/var/lib/postgresql --shell=/bin/bash postgres; install --verbose --directory --owner postgres --group postgres --mode 1777 /var/lib/postgresql # buildkit |
1.1 KB | ||
|
Digest:
sha256:05b641b3bdaba767b3b3d2ad3a2a3f2275e5b465c0168893ba05a8a6a497bd86
Command: RUN /bin/sh -c set -ex; apt-get update; apt-get install -y --no-install-recommends gnupg less ; rm -rf /var/lib/apt/lists/* # buildkit |
4.3 MB | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENV GOSU_VERSION=1.17 |
32 bytes | ||
|
Digest:
sha256:64e8f1b2b243a4ee0140073607ed2dbfd07b7a6d270556878675d05578be7ad1
Command: RUN /bin/sh -c set -eux; savedAptMark="$(apt-mark showmanual)"; apt-get update; apt-get install -y --no-install-recommends ca-certificates wget; rm -rf /var/lib/apt/lists/*; dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; export GNUPGHOME="$(mktemp -d)"; gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; gpgconf --kill all; rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; apt-mark auto '.*' > /dev/null; [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; chmod +x /usr/local/bin/gosu; gosu --version; gosu nobody true # buildkit |
1.4 MB | ||
|
Digest:
sha256:603ef9fcdd8e51d4e3fe03a7086be65d93c44a81b81e32af1ffd01d00c5b5f28
Command: RUN /bin/sh -c set -eux; if [ -f /etc/dpkg/dpkg.cfg.d/docker ]; then grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; sed -ri '/\/usr\/share\/locale/d' /etc/dpkg/dpkg.cfg.d/docker; ! grep -q '/usr/share/locale' /etc/dpkg/dpkg.cfg.d/docker; fi; apt-get update; apt-get install -y --no-install-recommends locales; rm -rf /var/lib/apt/lists/*; echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen; locale-gen; locale -a | grep 'en_US.utf8' # buildkit |
7.7 MB | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENV LANG=en_US.utf8 |
32 bytes | ||
|
Digest:
sha256:8a1f652e0c97695b220af62c6afc16494c709af1f0b0fce2f2a7bc98be06f4ba
Command: RUN /bin/sh -c set -eux; apt-get update; apt-get install -y --no-install-recommends libnss-wrapper xz-utils zstd ; rm -rf /var/lib/apt/lists/* # buildkit |
1.1 MB | ||
|
Digest:
sha256:c6def2c6e21dbc43cb1480e18969439f026d255d51407cee817b7f9f7e8dbf10
Command: RUN /bin/sh -c mkdir /docker-entrypoint-initdb.d # buildkit |
116 bytes | ||
|
Digest:
sha256:b47a445a47f026e23405fe77a9b53f3561cb5fe89bb2e62dfd40cf7e3375a44d
Command: RUN /bin/sh -c set -ex; key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; export GNUPGHOME="$(mktemp -d)"; mkdir -p /usr/local/share/keyrings/; gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; gpg --batch --export --armor "$key" > /usr/local/share/keyrings/postgres.gpg.asc; gpgconf --kill all; rm -rf "$GNUPGHOME" # buildkit |
3.1 KB | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENV PG_MAJOR=17 |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/lib/postgresql/17/bin |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENV PG_VERSION=17.5-1.pgdg120+1 |
32 bytes | ||
|
Digest:
sha256:c95f49cc11b37dd581567b642d56d72466fa6006ef235962591ab8a5b4a5b36b
Command: RUN /bin/sh -c set -ex; export PYTHONDONTWRITEBYTECODE=1; dpkgArch="$(dpkg --print-architecture)"; aptRepo="[ signed-by=/usr/local/share/keyrings/postgres.gpg.asc ] http://apt.postgresql.org/pub/repos/apt/ bookworm-pgdg main $PG_MAJOR"; case "$dpkgArch" in amd64 | arm64 | ppc64el) echo "deb $aptRepo" > /etc/apt/sources.list.d/pgdg.list; apt-get update; ;; *) echo "deb-src $aptRepo" > /etc/apt/sources.list.d/pgdg.list; savedAptMark="$(apt-mark showmanual)"; tempDir="$(mktemp -d)"; cd "$tempDir"; apt-get update; apt-get install -y --no-install-recommends dpkg-dev; echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list; _update_repo() { dpkg-scanpackages . > Packages; apt-get -o Acquire::GzipIndexes=false update; }; _update_repo; nproc="$(nproc)"; export DEB_BUILD_OPTIONS="nocheck parallel=$nproc"; apt-get build-dep -y postgresql-common-dev; apt-get source --compile postgresql-common-dev; _update_repo; apt-get build-dep -y "postgresql-$PG_MAJOR=$PG_VERSION"; apt-get source --compile "postgresql-$PG_MAJOR=$PG_VERSION"; apt-mark showmanual | xargs apt-mark auto > /dev/null; apt-mark manual $savedAptMark; ls -lAFh; _update_repo; grep '^Package: ' Packages; cd /; ;; esac; apt-get install -y --no-install-recommends postgresql-common; sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; apt-get install -y --no-install-recommends "postgresql-$PG_MAJOR=$PG_VERSION" ; rm -rf /var/lib/apt/lists/*; if [ -n "$tempDir" ]; then apt-get purge -y --auto-remove; rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; fi; find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' +; postgres --version # buildkit |
107.6 MB | ||
|
Digest:
sha256:3664068a9b376780007b23b0e7bcf8d72a7a96251f78d6cf8f8419db30adb5ba
Command: RUN /bin/sh -c set -eux; dpkg-divert --add --rename --divert "/usr/share/postgresql/postgresql.conf.sample.dpkg" "/usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample"; cp -v /usr/share/postgresql/postgresql.conf.sample.dpkg /usr/share/postgresql/postgresql.conf.sample; ln -sv ../postgresql.conf.sample "/usr/share/postgresql/$PG_MAJOR/"; sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample; grep -F "listen_addresses = '*'" /usr/share/postgresql/postgresql.conf.sample # buildkit |
10.0 KB | ||
|
Digest:
sha256:abfd68ef219e825afc4b79129087da2e9044e003dcb8eed2eacfef787a5b956e
Command: RUN /bin/sh -c install --verbose --directory --owner postgres --group postgres --mode 3777 /var/run/postgresql # buildkit |
127 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENV PGDATA=/var/lib/postgresql/data |
32 bytes | ||
|
Digest:
sha256:928d00623a6ec029dfc3cc43ff008272a2c365a06a6012924ca7447283f73d97
Command: RUN /bin/sh -c install --verbose --directory --owner postgres --group postgres --mode 1777 "$PGDATA" # buildkit |
168 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: VOLUME [/var/lib/postgresql/data] |
32 bytes | ||
|
Digest:
sha256:db3ab53631e4597cad3674c607c0ef112ae876da85109e32afd44a91c9a8f79b
Command: COPY docker-entrypoint.sh docker-ensure-initdb.sh /usr/local/bin/ # buildkit |
5.8 KB | ||
|
Digest:
sha256:f4ce9941f6e3b0a377adcf4cfa05611503a564b0d451db98aaa1c10a0c2fecd7
Command: RUN /bin/sh -c ln -sT docker-ensure-initdb.sh /usr/local/bin/docker-enforce-initdb.sh # buildkit |
186 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENTRYPOINT ["docker-entrypoint.sh"] |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: STOPSIGNAL SIGINT |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: EXPOSE map[5432/tcp:{}] |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: CMD ["postgres"] |
32 bytes |
Last scanned: 9 months, 3 weeks ago
Scan result: Vulnerable
Vulnerability count: 232
Max. severity: Critical

| Target: | aVTaYOLAB6SI.sbom-cyclonedx.json (debian 12.11) | |
| CRITICAL |
CVE-2025-49794: libxml: Heap use after free (UAF) leads to Denial of service (DoS)
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
Package Name: libxml2
Installed Version: 2.9.14+dfsg-1.3~deb12u1
Fixed Version:
References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org |
|
| CRITICAL |
CVE-2025-49796: libxml: Type confusion leads to Denial of service (DoS)
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
Package Name: libxml2
Installed Version: 2.9.14+dfsg-1.3~deb12u1
Fixed Version:
References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org |
|
| CRITICAL |
CVE-2023-45853: zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
Package Name: zlib1g
Installed Version: 1:1.2.13.dfsg-1
Fixed Version:
References: www.openwall.com www.openwall.com access.redhat.com chromium.googlesource.com chromium.googlesource.com github.com github.com github.com github.com github.com lists.debian.org nvd.nist.gov pypi.org security.gentoo.org security.netapp.com security.netapp.com ubuntu.com www.cve.org www.winimage.com |
|
| HIGH |
CVE-2025-4802: glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
Package Name: libc-bin
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: www.openwall.com www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com errata.almalinux.org linux.oracle.com linux.oracle.com nvd.nist.gov sourceware.org sourceware.org sourceware.org ubuntu.com www.cve.org www.openwall.com www.openwall.com |
|
| HIGH |
CVE-2025-4802: glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
Package Name: libc-l10n
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: www.openwall.com www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com errata.almalinux.org linux.oracle.com linux.oracle.com nvd.nist.gov sourceware.org sourceware.org sourceware.org ubuntu.com www.cve.org www.openwall.com www.openwall.com |
|
| HIGH |
CVE-2025-4802: glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
Package Name: libc6
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: www.openwall.com www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com errata.almalinux.org linux.oracle.com linux.oracle.com nvd.nist.gov sourceware.org sourceware.org sourceware.org ubuntu.com www.cve.org www.openwall.com www.openwall.com |
|
| HIGH |
CVE-2025-5222: icu: Stack buffer overflow in the SRBRoot::addTag function
A stack buffer overflow was found in International components for unicode (ICU). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.
Package Name: libicu72
Installed Version: 72.1-3
Fixed Version:
References: access.redhat.com bugzilla.redhat.com lists.debian.org nvd.nist.gov www.cve.org |
|
| HIGH |
CVE-2023-2953: openldap: null pointer dereference in ber_memalloc_x function
A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.
Package Name: libldap-2.5-0
Installed Version: 2.5.13+dfsg-5
Fixed Version:
References: seclists.org seclists.org seclists.org access.redhat.com access.redhat.com bugs.openldap.org bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com ubuntu.com ubuntu.com www.cve.org |
|
| HIGH |
CVE-2023-31484: perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
Package Name: libperl5.36
Installed Version: 5.36.0-7+deb12u2
Fixed Version:
References: www.openwall.com www.openwall.com www.openwall.com www.openwall.com access.redhat.com access.redhat.com blog.hackeriet.no bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org metacpan.org nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com www.cve.org www.openwall.com |
|
| HIGH |
CVE-2024-25062: libxml2: use-after-free in XMLReader
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
Package Name: libxml2
Installed Version: 2.9.14+dfsg-1.3~deb12u1
Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org gitlab.gnome.org gitlab.gnome.org linux.oracle.com linux.oracle.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org |
|
| HIGH |
CVE-2024-56171: libxml2: Use-After-Free in libxml2
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Package Name: libxml2
Installed Version: 2.9.14+dfsg-1.3~deb12u1
Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org gitlab.gnome.org linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com www.cve.org www.openwall.com |
|
| HIGH |
CVE-2025-24928: libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
Package Name: libxml2
Installed Version: 2.9.14+dfsg-1.3~deb12u1
Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org gitlab.gnome.org issues.oss-fuzz.com linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com www.cve.org www.openwall.com |
|
| HIGH |
CVE-2025-27113: libxml2: NULL Pointer Dereference in libxml2 xmlPatMatch
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
Package Name: libxml2
Installed Version: 2.9.14+dfsg-1.3~deb12u1
Fixed Version:
References: access.redhat.com gitlab.gnome.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org www.openwall.com |
|
| HIGH |
CVE-2025-32414: libxml2: Out-of-Bounds Read in libxml2
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.
Package Name: libxml2
Installed Version: 2.9.14+dfsg-1.3~deb12u1
Fixed Version:
References: access.redhat.com gitlab.gnome.org linux.oracle.com linux.oracle.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org |
|
| HIGH |
CVE-2025-32415: libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Package Name: libxml2
Installed Version: 2.9.14+dfsg-1.3~deb12u1
Fixed Version:
References: access.redhat.com gitlab.gnome.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org |
|
| HIGH |
CVE-2025-49795: libxml: Null pointer dereference leads to Denial of service (DoS)
A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.
Package Name: libxml2
Installed Version: 2.9.14+dfsg-1.3~deb12u1
Fixed Version:
References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org |
|
| HIGH |
CVE-2025-6021: libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
Package Name: libxml2
Installed Version: 2.9.14+dfsg-1.3~deb12u1
Fixed Version:
References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org |
|
| HIGH |
CVE-2025-4802: glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
Package Name: locales
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: www.openwall.com www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com errata.almalinux.org linux.oracle.com linux.oracle.com nvd.nist.gov sourceware.org sourceware.org sourceware.org ubuntu.com www.cve.org www.openwall.com www.openwall.com |
|
| HIGH |
CVE-2023-31484: perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
Package Name: perl
Installed Version: 5.36.0-7+deb12u2
Fixed Version:
References: www.openwall.com www.openwall.com www.openwall.com www.openwall.com access.redhat.com access.redhat.com blog.hackeriet.no bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org metacpan.org nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com www.cve.org www.openwall.com |
|
| HIGH |
CVE-2023-31484: perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
Package Name: perl-base
Installed Version: 5.36.0-7+deb12u2
Fixed Version:
References: www.openwall.com www.openwall.com www.openwall.com www.openwall.com access.redhat.com access.redhat.com blog.hackeriet.no bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org metacpan.org nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com www.cve.org www.openwall.com |
|
| HIGH |
CVE-2023-31484: perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
Package Name: perl-modules-5.36
Installed Version: 5.36.0-7+deb12u2
Fixed Version:
References: www.openwall.com www.openwall.com www.openwall.com www.openwall.com access.redhat.com access.redhat.com blog.hackeriet.no bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org metacpan.org nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com www.cve.org www.openwall.com |
|
| MEDIUM |
CVE-2025-3576: krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
Package Name: libgssapi-krb5-2
Installed Version: 1.20.1-2+deb12u3
Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2025-3576: krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
Package Name: libk5crypto3
Installed Version: 1.20.1-2+deb12u3
Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2025-3576: krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
Package Name: libkrb5-3
Installed Version: 1.20.1-2+deb12u3
Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2025-3576: krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
Package Name: libkrb5support0
Installed Version: 1.20.1-2+deb12u3
Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()
NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().
Package Name: libncursesw6
Installed Version: 6.4-4
Fixed Version:
References: access.redhat.com lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed password
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.
Package Name: libpam-modules
Installed Version: 1.5.2-6+deb12u1
Fixed Version:
References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2024-22365: pam: allowing unprivileged user to block another user namespace
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
Package Name: libpam-modules
Installed Version: 1.5.2-6+deb12u1
Fixed Version:
References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.openwall.com |
|
| MEDIUM |
CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed password
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.
Package Name: libpam-modules-bin
Installed Version: 1.5.2-6+deb12u1
Fixed Version:
References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2024-22365: pam: allowing unprivileged user to block another user namespace
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
Package Name: libpam-modules-bin
Installed Version: 1.5.2-6+deb12u1
Fixed Version:
References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.openwall.com |
|
| MEDIUM |
CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed password
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.
Package Name: libpam-runtime
Installed Version: 1.5.2-6+deb12u1
Fixed Version:
References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2024-22365: pam: allowing unprivileged user to block another user namespace
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
Package Name: libpam-runtime
Installed Version: 1.5.2-6+deb12u1
Fixed Version:
References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.openwall.com |
|
| MEDIUM |
CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed password
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.
Package Name: libpam0g
Installed Version: 1.5.2-6+deb12u1
Fixed Version:
References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2024-22365: pam: allowing unprivileged user to block another user namespace
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
Package Name: libpam0g
Installed Version: 1.5.2-6+deb12u1
Fixed Version:
References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.openwall.com |
|
| MEDIUM |
CVE-2025-40909: perl: Perl threads have a working directory race condition where file operations may target unintended paths
Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6
Package Name: libperl5.36
Installed Version: 5.36.0-7+deb12u2
Fixed Version:
References: www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com access.redhat.com bugs.debian.org github.com github.com github.com github.com nvd.nist.gov perldoc.perl.org www.cve.org www.openwall.com |
|
| MEDIUM |
CVE-2025-29088: sqlite: Denial of Service in SQLite
In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.
Package Name: libsqlite3-0
Installed Version: 3.40.1-2+deb12u1
Fixed Version:
References: access.redhat.com gist.github.com github.com nvd.nist.gov sqlite.org sqlite.org ubuntu.com www.cve.org www.sqlite.org |
|
| MEDIUM |
CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()
NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().
Package Name: libtinfo6
Installed Version: 6.4-4
Fixed Version:
References: access.redhat.com lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2022-49043: libxml: use-after-free in xmlXIncludeAddNode
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
Package Name: libxml2
Installed Version: 2.9.14+dfsg-1.3~deb12u1
Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com gitlab.gnome.org linux.oracle.com linux.oracle.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2023-39615: libxml2: crafted xml can cause global buffer overflow
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.
Package Name: libxml2
Installed Version: 2.9.14+dfsg-1.3~deb12u1
Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org gitlab.gnome.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2023-45322: libxml2: use-after-free in xmlUnlinkNode() in tree.c
libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."
Package Name: libxml2
Installed Version: 2.9.14+dfsg-1.3~deb12u1
Fixed Version:
References: www.openwall.com access.redhat.com gitlab.gnome.org gitlab.gnome.org nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()
NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().
Package Name: ncurses-base
Installed Version: 6.4-4
Fixed Version:
References: access.redhat.com lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()
NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().
Package Name: ncurses-bin
Installed Version: 6.4-4
Fixed Version:
References: access.redhat.com lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2025-40909: perl: Perl threads have a working directory race condition where file operations may target unintended paths
Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6
Package Name: perl
Installed Version: 5.36.0-7+deb12u2
Fixed Version:
References: www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com access.redhat.com bugs.debian.org github.com github.com github.com github.com nvd.nist.gov perldoc.perl.org www.cve.org www.openwall.com |
|
| MEDIUM |
CVE-2025-40909: perl: Perl threads have a working directory race condition where file operations may target unintended paths
Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6
Package Name: perl-base
Installed Version: 5.36.0-7+deb12u2
Fixed Version:
References: www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com access.redhat.com bugs.debian.org github.com github.com github.com github.com nvd.nist.gov perldoc.perl.org www.cve.org www.openwall.com |
|
| MEDIUM |
CVE-2025-40909: perl: Perl threads have a working directory race condition where file operations may target unintended paths
Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6
Package Name: perl-modules-5.36
Installed Version: 5.36.0-7+deb12u2
Fixed Version:
References: www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com www.openwall.com access.redhat.com bugs.debian.org github.com github.com github.com github.com nvd.nist.gov perldoc.perl.org www.cve.org www.openwall.com |
|
| LOW |
CVE-2011-3374: It was found that apt-key in apt, all versions, do not correctly valid ...
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
Package Name: apt
Installed Version: 2.6.1
Fixed Version:
References: access.redhat.com bugs.debian.org people.canonical.com seclists.org security-tracker.debian.org snyk.io ubuntu.com |
|
| LOW |
TEMP-0841856-B18BAF: [Privilege escalation possible to other user than root]
Package Name: bash
Installed Version: 5.2.15-2+b8
Fixed Version:
References: |
|
| LOW |
CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
Package Name: bsdutils
Installed Version: 1:2.38.1-5+deb12u3
Fixed Version:
References: access.redhat.com blog.trailofbits.com lore.kernel.org lore.kernel.org nvd.nist.gov security.gentoo.org security.netapp.com www.cve.org |
|
| LOW |
CVE-2016-2781: coreutils: Non-privileged session can escape to the parent session in chroot
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
Package Name: coreutils
Installed Version: 9.1-1
Fixed Version:
References: seclists.org www.openwall.com www.openwall.com access.redhat.com lists.apache.org lore.kernel.org mirrors.edge.kernel.org nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2017-18018: coreutils: race condition vulnerability in chown and chgrp
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
Package Name: coreutils
Installed Version: 9.1-1
Fixed Version:
References: lists.gnu.org access.redhat.com nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2025-5278: coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification
A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.
Package Name: coreutils
Installed Version: 9.1-1
Fixed Version:
References: www.openwall.com www.openwall.com www.openwall.com access.redhat.com bugzilla.redhat.com cgit.git.savannah.gnu.org cgit.git.savannah.gnu.org nvd.nist.gov security-tracker.debian.org www.cve.org |
|
| LOW |
CVE-2022-3219: gnupg: denial of service issue (resource consumption) using compressed packets
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
Package Name: dirmngr
Installed Version: 2.2.40-1.1
Fixed Version:
References: access.redhat.com bugzilla.redhat.com dev.gnupg.org dev.gnupg.org marc.info nvd.nist.gov security.netapp.com www.cve.org |
|
| LOW |
CVE-2025-30258: gnupg: verification DoS due to a malicious subkey in the keyring
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
Package Name: dirmngr
Installed Version: 2.2.40-1.1
Fixed Version:
References: access.redhat.com dev.gnupg.org dev.gnupg.org lists.gnupg.org nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2022-27943: binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const
libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.
Package Name: gcc-12-base
Installed Version: 12.2.0-14+deb12u1
Fixed Version:
References: access.redhat.com gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org lists.fedoraproject.org nvd.nist.gov sourceware.org www.cve.org |
|
| LOW |
CVE-2022-3219: gnupg: denial of service issue (resource consumption) using compressed packets
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
Package Name: gnupg
Installed Version: 2.2.40-1.1
Fixed Version:
References: access.redhat.com bugzilla.redhat.com dev.gnupg.org dev.gnupg.org marc.info nvd.nist.gov security.netapp.com www.cve.org |
|
| LOW |
CVE-2025-30258: gnupg: verification DoS due to a malicious subkey in the keyring
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
Package Name: gnupg
Installed Version: 2.2.40-1.1
Fixed Version:
References: access.redhat.com dev.gnupg.org dev.gnupg.org lists.gnupg.org nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2022-3219: gnupg: denial of service issue (resource consumption) using compressed packets
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
Package Name: gnupg-l10n
Installed Version: 2.2.40-1.1
Fixed Version:
References: access.redhat.com bugzilla.redhat.com dev.gnupg.org dev.gnupg.org marc.info nvd.nist.gov security.netapp.com www.cve.org |
|
| LOW |
CVE-2025-30258: gnupg: verification DoS due to a malicious subkey in the keyring
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
Package Name: gnupg-l10n
Installed Version: 2.2.40-1.1
Fixed Version:
References: access.redhat.com dev.gnupg.org dev.gnupg.org lists.gnupg.org nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2022-3219: gnupg: denial of service issue (resource consumption) using compressed packets
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
Package Name: gnupg-utils
Installed Version: 2.2.40-1.1
Fixed Version:
References: access.redhat.com bugzilla.redhat.com dev.gnupg.org dev.gnupg.org marc.info nvd.nist.gov security.netapp.com www.cve.org |
|
| LOW |
CVE-2025-30258: gnupg: verification DoS due to a malicious subkey in the keyring
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
Package Name: gnupg-utils
Installed Version: 2.2.40-1.1
Fixed Version:
References: access.redhat.com dev.gnupg.org dev.gnupg.org lists.gnupg.org nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2022-3219: gnupg: denial of service issue (resource consumption) using compressed packets
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
Package Name: gpg
Installed Version: 2.2.40-1.1
Fixed Version:
References: access.redhat.com bugzilla.redhat.com dev.gnupg.org dev.gnupg.org marc.info nvd.nist.gov security.netapp.com www.cve.org |
|
| LOW |
CVE-2025-30258: gnupg: verification DoS due to a malicious subkey in the keyring
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
Package Name: gpg
Installed Version: 2.2.40-1.1
Fixed Version:
References: access.redhat.com dev.gnupg.org dev.gnupg.org lists.gnupg.org nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2022-3219: gnupg: denial of service issue (resource consumption) using compressed packets
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
Package Name: gpg-agent
Installed Version: 2.2.40-1.1
Fixed Version:
References: access.redhat.com bugzilla.redhat.com dev.gnupg.org dev.gnupg.org marc.info nvd.nist.gov security.netapp.com www.cve.org |
|
| LOW |
CVE-2025-30258: gnupg: verification DoS due to a malicious subkey in the keyring
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
Package Name: gpg-agent
Installed Version: 2.2.40-1.1
Fixed Version:
References: access.redhat.com dev.gnupg.org dev.gnupg.org lists.gnupg.org nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2022-3219: gnupg: denial of service issue (resource consumption) using compressed packets
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
Package Name: gpg-wks-client
Installed Version: 2.2.40-1.1
Fixed Version:
References: access.redhat.com bugzilla.redhat.com dev.gnupg.org dev.gnupg.org marc.info nvd.nist.gov security.netapp.com www.cve.org |
|
| LOW |
CVE-2025-30258: gnupg: verification DoS due to a malicious subkey in the keyring
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
Package Name: gpg-wks-client
Installed Version: 2.2.40-1.1
Fixed Version:
References: access.redhat.com dev.gnupg.org dev.gnupg.org lists.gnupg.org nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2022-3219: gnupg: denial of service issue (resource consumption) using compressed packets
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
Package Name: gpg-wks-server
Installed Version: 2.2.40-1.1
Fixed Version:
References: access.redhat.com bugzilla.redhat.com dev.gnupg.org dev.gnupg.org marc.info nvd.nist.gov security.netapp.com www.cve.org |
|
| LOW |
CVE-2025-30258: gnupg: verification DoS due to a malicious subkey in the keyring
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
Package Name: gpg-wks-server
Installed Version: 2.2.40-1.1
Fixed Version:
References: access.redhat.com dev.gnupg.org dev.gnupg.org lists.gnupg.org nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2022-3219: gnupg: denial of service issue (resource consumption) using compressed packets
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
Package Name: gpgconf
Installed Version: 2.2.40-1.1
Fixed Version:
References: access.redhat.com bugzilla.redhat.com dev.gnupg.org dev.gnupg.org marc.info nvd.nist.gov security.netapp.com www.cve.org |
|
| LOW |
CVE-2025-30258: gnupg: verification DoS due to a malicious subkey in the keyring
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
Package Name: gpgconf
Installed Version: 2.2.40-1.1
Fixed Version:
References: access.redhat.com dev.gnupg.org dev.gnupg.org lists.gnupg.org nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2022-3219: gnupg: denial of service issue (resource consumption) using compressed packets
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
Package Name: gpgsm
Installed Version: 2.2.40-1.1
Fixed Version:
References: access.redhat.com bugzilla.redhat.com dev.gnupg.org dev.gnupg.org marc.info nvd.nist.gov security.netapp.com www.cve.org |
|
| LOW |
CVE-2025-30258: gnupg: verification DoS due to a malicious subkey in the keyring
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
Package Name: gpgsm
Installed Version: 2.2.40-1.1
Fixed Version:
References: access.redhat.com dev.gnupg.org dev.gnupg.org lists.gnupg.org nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2022-3219: gnupg: denial of service issue (resource consumption) using compressed packets
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
Package Name: gpgv
Installed Version: 2.2.40-1.1
Fixed Version:
References: access.redhat.com bugzilla.redhat.com dev.gnupg.org dev.gnupg.org marc.info nvd.nist.gov security.netapp.com www.cve.org |
|
| LOW |
CVE-2025-30258: gnupg: verification DoS due to a malicious subkey in the keyring
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
Package Name: gpgv
Installed Version: 2.2.40-1.1
Fixed Version:
References: access.redhat.com dev.gnupg.org dev.gnupg.org lists.gnupg.org nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2011-3374: It was found that apt-key in apt, all versions, do not correctly valid ...
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
Package Name: libapt-pkg6.0
Installed Version: 2.6.1
Fixed Version:
References: access.redhat.com bugs.debian.org people.canonical.com seclists.org security-tracker.debian.org snyk.io ubuntu.com |
|
| LOW |
CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
Package Name: libblkid1
Installed Version: 2.38.1-5+deb12u3
Fixed Version:
References: access.redhat.com blog.trailofbits.com lore.kernel.org lore.kernel.org nvd.nist.gov security.gentoo.org security.netapp.com www.cve.org |
|
| LOW |
CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
Package Name: libc-bin
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: cxib.net securityreason.com securityreason.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
Package Name: libc-bin
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: www.securityfocus.com access.redhat.com debbugs.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.f5.com www.cve.org |
|
| LOW |
CVE-2019-1010022: glibc: stack guard protection bypass
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: libc-bin
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org sourceware.org ubuntu.com www.cve.org |
|
| LOW |
CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: libc-bin
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: www.securityfocus.com access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org support.f5.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: libc-bin
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: www.securityfocus.com access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."
Package Name: libc-bin
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.
Package Name: libc-bin
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: access.redhat.com nvd.nist.gov sourceware.org support.f5.com www.cve.org |
|
| LOW |
CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
Package Name: libc-l10n
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: cxib.net securityreason.com securityreason.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
Package Name: libc-l10n
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: www.securityfocus.com access.redhat.com debbugs.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.f5.com www.cve.org |
|
| LOW |
CVE-2019-1010022: glibc: stack guard protection bypass
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: libc-l10n
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org sourceware.org ubuntu.com www.cve.org |
|
| LOW |
CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: libc-l10n
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: www.securityfocus.com access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org support.f5.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: libc-l10n
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: www.securityfocus.com access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."
Package Name: libc-l10n
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.
Package Name: libc-l10n
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: access.redhat.com nvd.nist.gov sourceware.org support.f5.com www.cve.org |
|
| LOW |
CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
Package Name: libc6
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: cxib.net securityreason.com securityreason.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
Package Name: libc6
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: www.securityfocus.com access.redhat.com debbugs.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.f5.com www.cve.org |
|
| LOW |
CVE-2019-1010022: glibc: stack guard protection bypass
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: libc6
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org sourceware.org ubuntu.com www.cve.org |
|
| LOW |
CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: libc6
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: www.securityfocus.com access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org support.f5.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: libc6
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: www.securityfocus.com access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."
Package Name: libc6
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.
Package Name: libc6
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: access.redhat.com nvd.nist.gov sourceware.org support.f5.com www.cve.org |
|
| LOW |
CVE-2022-27943: binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const
libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.
Package Name: libgcc-s1
Installed Version: 12.2.0-14+deb12u1
Fixed Version:
References: access.redhat.com gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org lists.fedoraproject.org nvd.nist.gov sourceware.org www.cve.org |
|
| LOW |
CVE-2018-6829: libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.
Package Name: libgcrypt20
Installed Version: 1.10.1-3
Fixed Version:
References: access.redhat.com github.com github.com lists.gnupg.org nvd.nist.gov www.cve.org www.oracle.com |
|
| LOW |
CVE-2024-2236: libgcrypt: vulnerable to Marvin Attack
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
Package Name: libgcrypt20
Installed Version: 1.10.1-3
Fixed Version:
References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com dev.gnupg.org errata.almalinux.org github.com gitlab.com linux.oracle.com linux.oracle.com lists.gnupg.org nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Package Name: libgnutls30
Installed Version: 3.7.9-2+deb12u4
Fixed Version: |
|
| LOW |
CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
Package Name: libgssapi-krb5-2
Installed Version: 1.20.1-2+deb12u3
Fixed Version:
References: access.redhat.com github.com lists.apache.org nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2024-26458: krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.
Package Name: libgssapi-krb5-2
Installed Version: 1.20.1-2+deb12u3
Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2024-26461: krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.
Package Name: libgssapi-krb5-2
Installed Version: 1.20.1-2+deb12u3
Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
Package Name: libk5crypto3
Installed Version: 1.20.1-2+deb12u3
Fixed Version:
References: access.redhat.com github.com lists.apache.org nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2024-26458: krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.
Package Name: libk5crypto3
Installed Version: 1.20.1-2+deb12u3
Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2024-26461: krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.
Package Name: libk5crypto3
Installed Version: 1.20.1-2+deb12u3
Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
Package Name: libkrb5-3
Installed Version: 1.20.1-2+deb12u3
Fixed Version:
References: access.redhat.com github.com lists.apache.org nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2024-26458: krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.
Package Name: libkrb5-3
Installed Version: 1.20.1-2+deb12u3
Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2024-26461: krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.
Package Name: libkrb5-3
Installed Version: 1.20.1-2+deb12u3
Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
Package Name: libkrb5support0
Installed Version: 1.20.1-2+deb12u3
Fixed Version:
References: access.redhat.com github.com lists.apache.org nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2024-26458: krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.
Package Name: libkrb5support0
Installed Version: 1.20.1-2+deb12u3
Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2024-26461: krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.
Package Name: libkrb5support0
Installed Version: 1.20.1-2+deb12u3
Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2015-3276: openldap: incorrect multi-keyword mode cipherstring parsing
The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.
Package Name: libldap-2.5-0
Installed Version: 2.5.13+dfsg-5
Fixed Version:
References: rhn.redhat.com www.oracle.com www.securitytracker.com access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2017-14159: openldap: Privilege escalation via PID file manipulation
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.
Package Name: libldap-2.5-0
Installed Version: 2.5.13+dfsg-5
Fixed Version:
References: www.openldap.org access.redhat.com nvd.nist.gov www.cve.org www.oracle.com |
|
| LOW |
CVE-2017-17740: openldap: contrib/slapd-modules/nops/nops.c attempts to free stack buffer allowing remote attackers to cause a denial of service
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.
Package Name: libldap-2.5-0
Installed Version: 2.5.13+dfsg-5
Fixed Version:
References: lists.opensuse.org lists.opensuse.org www.openldap.org access.redhat.com kc.mcafee.com nvd.nist.gov www.cve.org www.oracle.com |
|
| LOW |
CVE-2020-15719: openldap: Certificate validation incorrectly matches name against CN-ID
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
Package Name: libldap-2.5-0
Installed Version: 2.5.13+dfsg-5
Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com bugs.openldap.org bugzilla.redhat.com kc.mcafee.com nvd.nist.gov www.cve.org www.oracle.com |
|
| LOW |
CVE-2024-7883: clang: CMSE secure state may leak from stack to floating-point registers
When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers.
Package Name: libllvm19
Installed Version: 1:19.1.4-1~deb12u1
Fixed Version:
References: access.redhat.com developer.arm.com nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
Package Name: libmount1
Installed Version: 2.38.1-5+deb12u3
Fixed Version:
References: access.redhat.com blog.trailofbits.com lore.kernel.org lore.kernel.org nvd.nist.gov security.gentoo.org security.netapp.com www.cve.org |
|
| LOW |
CVE-2025-6141: gnu-ncurses: ncurses Stack Buffer Overflow
A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.
Package Name: libncursesw6
Installed Version: 6.4-4
Fixed Version:
References: access.redhat.com invisible-island.net lists.gnu.org lists.gnu.org lists.gnu.org nvd.nist.gov vuldb.com vuldb.com vuldb.com www.cve.org www.gnu.org |
|
| LOW |
CVE-2011-4116: perl: File::Temp insecure temporary file handling
_is_safe in the File::Temp module for Perl does not properly handle symlinks.
Package Name: libperl5.36
Installed Version: 5.36.0-7+deb12u2
Fixed Version:
References: www.openwall.com www.openwall.com access.redhat.com github.com nvd.nist.gov rt.cpan.org seclists.org www.cve.org |
|
| LOW |
CVE-2023-31486: http-tiny: insecure TLS cert default
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
Package Name: libperl5.36
Installed Version: 5.36.0-7+deb12u2
Fixed Version:
References: www.openwall.com www.openwall.com www.openwall.com www.openwall.com access.redhat.com access.redhat.com blog.hackeriet.no bugzilla.redhat.com errata.almalinux.org github.com hackeriet.github.io linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com www.cve.org www.openwall.com www.openwall.com www.reddit.com |
|
| LOW |
CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
Package Name: libsmartcols1
Installed Version: 2.38.1-5+deb12u3
Fixed Version:
References: access.redhat.com blog.trailofbits.com lore.kernel.org lore.kernel.org nvd.nist.gov security.gentoo.org security.netapp.com www.cve.org |
|
| LOW |
CVE-2021-45346: sqlite: crafted SQL query allows a malicious user to obtain sensitive information
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.
Package Name: libsqlite3-0
Installed Version: 3.40.1-2+deb12u1
Fixed Version:
References: access.redhat.com github.com nvd.nist.gov security.netapp.com sqlite.org sqlite.org www.cve.org www.sqlite.org |
|
| LOW |
CVE-2025-27587: OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable ...
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.
Package Name: libssl3
Installed Version: 3.0.16-1~deb12u1
Fixed Version:
References: github.com github.com github.com minerva.crocs.fi.muni.cz www.cve.org |
|
| LOW |
CVE-2022-27943: binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const
libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.
Package Name: libstdc++6
Installed Version: 12.2.0-14+deb12u1
Fixed Version:
References: access.redhat.com gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org lists.fedoraproject.org nvd.nist.gov sourceware.org www.cve.org |
|
| LOW |
CVE-2013-4392: systemd: TOCTOU race condition when updating file permissions and SELinux security contexts
systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
Package Name: libsystemd0
Installed Version: 252.38-1~deb12u1
Fixed Version:
References: bugs.debian.org, www.openwall.com, access.redhat.com, bugzilla.redhat.com, nvd.nist.gov, www.cve.org |
|
| LOW |
CVE-2023-31437: An issue was discovered in systemd 253. An attacker can modify a seale ...
An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
Package Name: libsystemd0
Installed Version: 252.38-1~deb12u1
Fixed Version:
References: github.com |
|
| LOW |
CVE-2023-31438: An issue was discovered in systemd 253. An attacker can truncate a sea ...
An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
Package Name: libsystemd0
Installed Version: 252.38-1~deb12u1
Fixed Version:
References: github.com |
|
| LOW |
CVE-2023-31439: An issue was discovered in systemd 253. An attacker can modify the con ...
An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
Package Name: libsystemd0
Installed Version: 252.38-1~deb12u1
Fixed Version:
References: github.com |
|
| LOW |
CVE-2025-6141: gnu-ncurses: ncurses Stack Buffer Overflow
A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.
Package Name: libtinfo6
Installed Version: 6.4-4
Fixed Version:
References: access.redhat.com, invisible-island.net, lists.gnu.org, nvd.nist.gov, vuldb.com, www.cve.org, www.gnu.org |
|
| LOW |
CVE-2013-4392: systemd: TOCTOU race condition when updating file permissions and SELinux security contexts
systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.
Package Name: libudev1
Installed Version: 252.38-1~deb12u1
Fixed Version:
References: bugs.debian.org, www.openwall.com, access.redhat.com, bugzilla.redhat.com, nvd.nist.gov, www.cve.org |
|
| LOW |
CVE-2023-31437: An issue was discovered in systemd 253. An attacker can modify a seale ...
An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
Package Name: libudev1
Installed Version: 252.38-1~deb12u1
Fixed Version:
References: github.com |
|
| LOW |
CVE-2023-31438: An issue was discovered in systemd 253. An attacker can truncate a sea ...
An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
Package Name: libudev1
Installed Version: 252.38-1~deb12u1
Fixed Version:
References: github.com |
|
| LOW |
CVE-2023-31439: An issue was discovered in systemd 253. An attacker can modify the con ...
An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."
Package Name: libudev1
Installed Version: 252.38-1~deb12u1
Fixed Version:
References: github.com |
|
| LOW |
CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
Package Name: libuuid1
Installed Version: 2.38.1-5+deb12u3
Fixed Version:
References: access.redhat.com, blog.trailofbits.com, lore.kernel.org, nvd.nist.gov, security.gentoo.org, security.netapp.com, www.cve.org |
|
| LOW |
CVE-2024-34459: libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c
An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.
Package Name: libxml2
Installed Version: 2.9.14+dfsg-1.3~deb12u1
Fixed Version:
References: access.redhat.com, gitlab.gnome.org, lists.fedoraproject.org, nvd.nist.gov, ubuntu.com, www.cve.org |
|
| LOW |
CVE-2025-6170: libxml2: Stack Buffer Overflow in xmllint Interactive Shell Command Handling
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.
Package Name: libxml2
Installed Version: 2.9.14+dfsg-1.3~deb12u1
Fixed Version:
References: access.redhat.com, bugzilla.redhat.com, nvd.nist.gov, www.cve.org |
|
| LOW |
CVE-2015-9019: libxslt: math.random() in xslt uses unseeded randomness
In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.
Package Name: libxslt1.1
Installed Version: 1.1.35-1+deb12u1
Fixed Version:
References: access.redhat.com, bugzilla.gnome.org, bugzilla.suse.com, nvd.nist.gov, www.cve.org |
|
| LOW |
CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions
The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
Package Name: locales
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: cxib.net, securityreason.com, access.redhat.com, bugzilla.redhat.com, nvd.nist.gov, www.cve.org |
|
| LOW |
CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
Package Name: locales
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: www.securityfocus.com, access.redhat.com, debbugs.gnu.org, lists.gnu.org, nvd.nist.gov, security.netapp.com, support.f5.com, www.cve.org |
|
| LOW |
CVE-2019-1010022: glibc: stack guard protection bypass
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: locales
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: access.redhat.com, nvd.nist.gov, security-tracker.debian.org, sourceware.org, ubuntu.com, www.cve.org |
|
| LOW |
CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: locales
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: www.securityfocus.com, access.redhat.com, nvd.nist.gov, security-tracker.debian.org, sourceware.org, support.f5.com, ubuntu.com, www.cve.org |
|
| LOW |
CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Package Name: locales
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: www.securityfocus.com, access.redhat.com, nvd.nist.gov, security-tracker.debian.org, sourceware.org, support.f5.com, ubuntu.com, www.cve.org |
|
| LOW |
CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability."
Package Name: locales
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: access.redhat.com, nvd.nist.gov, security-tracker.debian.org, sourceware.org, support.f5.com, ubuntu.com, www.cve.org |
|
| LOW |
CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern
Package Name: locales
Installed Version: 2.36-9+deb12u10
Fixed Version:
References: access.redhat.com, nvd.nist.gov, sourceware.org, support.f5.com, www.cve.org |
|
| LOW |
CVE-2007-5686: initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
Package Name: login
Installed Version: 1:4.13+dfsg1-1+deb12u1
Fixed Version:
References: secunia.com, www.securityfocus.com, www.vupen.com, issues.rpath.com |
|
| LOW |
CVE-2024-56433: shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.
Package Name: login
Installed Version: 1:4.13+dfsg1-1+deb12u1
Fixed Version:
References: access.redhat.com, github.com, nvd.nist.gov, www.cve.org |
|
| LOW |
TEMP-0628843-DBAD28: [more related to CVE-2005-4890]
Package Name: login
Installed Version: 1:4.13+dfsg1-1+deb12u1
Fixed Version:
References: |
|
| LOW |
CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
Package Name: mount
Installed Version: 2.38.1-5+deb12u3
Fixed Version:
References: access.redhat.com, blog.trailofbits.com, lore.kernel.org, nvd.nist.gov, security.gentoo.org, security.netapp.com, www.cve.org |
|
| LOW |
CVE-2025-6141: gnu-ncurses: ncurses Stack Buffer Overflow
A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.
Package Name: ncurses-base
Installed Version: 6.4-4
Fixed Version:
References: access.redhat.com, invisible-island.net, lists.gnu.org, nvd.nist.gov, vuldb.com, www.cve.org, www.gnu.org |
|
| LOW |
CVE-2025-6141: gnu-ncurses: ncurses Stack Buffer Overflow
A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.
Package Name: ncurses-bin
Installed Version: 6.4-4
Fixed Version:
References: access.redhat.com, invisible-island.net, lists.gnu.org, nvd.nist.gov, vuldb.com, www.cve.org, www.gnu.org |
|
| LOW |
CVE-2025-27587: OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable ...
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.
Package Name: openssl
Installed Version: 3.0.16-1~deb12u1
Fixed Version:
References: github.com, minerva.crocs.fi.muni.cz, www.cve.org |
|
| LOW |
CVE-2007-5686: initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.
Package Name: passwd
Installed Version: 1:4.13+dfsg1-1+deb12u1
Fixed Version:
References: secunia.com, www.securityfocus.com, www.vupen.com, issues.rpath.com |
|
| LOW |
CVE-2024-56433: shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.
Package Name: passwd
Installed Version: 1:4.13+dfsg1-1+deb12u1
Fixed Version:
References: access.redhat.com, github.com, nvd.nist.gov, www.cve.org |
|
| LOW |
TEMP-0628843-DBAD28: [more related to CVE-2005-4890]
Package Name: passwd
Installed Version: 1:4.13+dfsg1-1+deb12u1
Fixed Version:
References: |
|
| LOW |
CVE-2011-4116: perl: File::Temp insecure temporary file handling
_is_safe in the File::Temp module for Perl does not properly handle symlinks.
Package Name: perl
Installed Version: 5.36.0-7+deb12u2
Fixed Version:
References: www.openwall.com, access.redhat.com, github.com, nvd.nist.gov, rt.cpan.org, seclists.org, www.cve.org |
|
| LOW |
CVE-2023-31486: http-tiny: insecure TLS cert default
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
Package Name: perl
Installed Version: 5.36.0-7+deb12u2
Fixed Version:
References: www.openwall.com, access.redhat.com, blog.hackeriet.no, bugzilla.redhat.com, errata.almalinux.org, github.com, hackeriet.github.io, linux.oracle.com, nvd.nist.gov, security.netapp.com, www.cve.org, www.reddit.com |
|
| LOW |
CVE-2011-4116: perl: File::Temp insecure temporary file handling
_is_safe in the File::Temp module for Perl does not properly handle symlinks.
Package Name: perl-base
Installed Version: 5.36.0-7+deb12u2
Fixed Version:
References: www.openwall.com, access.redhat.com, github.com, nvd.nist.gov, rt.cpan.org, seclists.org, www.cve.org |
|
| LOW |
CVE-2023-31486: http-tiny: insecure TLS cert default
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
Package Name: perl-base
Installed Version: 5.36.0-7+deb12u2
Fixed Version:
References: www.openwall.com, access.redhat.com, blog.hackeriet.no, bugzilla.redhat.com, errata.almalinux.org, github.com, hackeriet.github.io, linux.oracle.com, nvd.nist.gov, security.netapp.com, www.cve.org, www.reddit.com |
|
| LOW |
CVE-2011-4116: perl: File::Temp insecure temporary file handling
_is_safe in the File::Temp module for Perl does not properly handle symlinks.
Package Name: perl-modules-5.36
Installed Version: 5.36.0-7+deb12u2
Fixed Version:
References: www.openwall.com, access.redhat.com, github.com, nvd.nist.gov, rt.cpan.org, seclists.org, www.cve.org |
|
| LOW |
CVE-2023-31486: http-tiny: insecure TLS cert default
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
Package Name: perl-modules-5.36
Installed Version: 5.36.0-7+deb12u2
Fixed Version:
References: www.openwall.com, access.redhat.com, blog.hackeriet.no, bugzilla.redhat.com, errata.almalinux.org, github.com, hackeriet.github.io, linux.oracle.com, nvd.nist.gov, security.netapp.com, www.cve.org, www.reddit.com |
|
| LOW |
TEMP-0517018-A83CE6: [sysvinit: no-root option in expert installer exposes locally exploitable security flaw]
Package Name: sysvinit-utils
Installed Version: 3.06-4
Fixed Version:
References: |
|
| LOW |
CVE-2005-2541: tar: does not properly warn the user when extracting setuid or setgid files
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
Package Name: tar
Installed Version: 1.34+dfsg-1.2+deb12u1
Fixed Version:
References: marc.info, access.redhat.com, lists.apache.org, nvd.nist.gov, www.cve.org |
|
| LOW |
TEMP-0290435-0B57B5: [tar's rmt command may have undesired side effects]
Package Name: tar
Installed Version: 1.34+dfsg-1.2+deb12u1
Fixed Version:
References: |
|
| LOW |
CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
Package Name: util-linux
Installed Version: 2.38.1-5+deb12u3
Fixed Version:
References: access.redhat.com, blog.trailofbits.com, lore.kernel.org, nvd.nist.gov, security.gentoo.org, security.netapp.com, www.cve.org |
|
| LOW |
CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
Package Name: util-linux-extra
Installed Version: 2.38.1-5+deb12u3
Fixed Version:
References: access.redhat.com, blog.trailofbits.com, lore.kernel.org, nvd.nist.gov, security.gentoo.org, security.netapp.com, www.cve.org |
|
| UNKNOWN |
CVE-2025-6020: A flaw was found in linux-pam. The module pam_namespace may use access ...
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
Package Name: libpam-modules
Installed Version: 1.5.2-6+deb12u1
Fixed Version:
References: www.openwall.com, access.redhat.com, bugzilla.redhat.com |
|
| UNKNOWN |
CVE-2025-6020: A flaw was found in linux-pam. The module pam_namespace may use access ...
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
Package Name: libpam-modules-bin
Installed Version: 1.5.2-6+deb12u1
Fixed Version:
References: www.openwall.com, access.redhat.com, bugzilla.redhat.com |
|
| UNKNOWN |
CVE-2025-6020: A flaw was found in linux-pam. The module pam_namespace may use access ...
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
Package Name: libpam-runtime
Installed Version: 1.5.2-6+deb12u1
Fixed Version:
References: www.openwall.com, access.redhat.com, bugzilla.redhat.com |
|
| UNKNOWN |
CVE-2025-6020: A flaw was found in linux-pam. The module pam_namespace may use access ...
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
Package Name: libpam0g
Installed Version: 1.5.2-6+deb12u1
Fixed Version:
References: www.openwall.com, access.redhat.com, bugzilla.redhat.com |
|
| Target: | usr/local/bin/gosu | |
| CRITICAL |
CVE-2023-24538: golang: html/template: backticks not treated as string delimiters
Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.19.8, 1.20.3
References: access.redhat.com, bugzilla.redhat.com, errata.almalinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.gentoo.org, security.netapp.com, ubuntu.com, www.cve.org |
|
| CRITICAL |
CVE-2023-24540: golang: html/template: improper handling of JavaScript whitespace
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.19.9, 1.20.4
References: access.redhat.com, bugzilla.redhat.com, errata.almalinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.netapp.com, ubuntu.com, www.cve.org |
|
| CRITICAL |
CVE-2024-24790: golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.21.11, 1.22.4
References: www.openwall.com, access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.netapp.com, ubuntu.com, www.cve.org |
|
| HIGH |
CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.18.6, 1.19.1
References: access.redhat.com, bugzilla.redhat.com, cs.opensource.google, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, lists.fedoraproject.org, nvd.nist.gov, pkg.go.dev, security.gentoo.org, security.netapp.com, ubuntu.com, www.cve.org |
|
| HIGH |
CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.17.12, 1.18.4
References: access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, go.googlesource.com, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, ubuntu.com, www.cve.org |
|
| HIGH |
CVE-2022-2879: golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers
Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.18.7, 1.19.2
References: access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.gentoo.org, ubuntu.com, www.cve.org |
|
| HIGH |
CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy.Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.18.7, 1.19.2
References: access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.gentoo.org, ubuntu.com, www.cve.org |
|
| HIGH |
CVE-2022-29804: ELSA-2022-17957: ol8addon security update (IMPORTANT)
Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.17.11, 1.18.3
References: go.dev, go.googlesource.com, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev |
|
| HIGH |
CVE-2022-30580: golang: os/exec: Code injection in Cmd.Start
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.17.11, 1.18.3
References: access.redhat.com, go.dev, go.googlesource.com, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, www.cve.org |
|
| HIGH |
CVE-2022-30630: golang: io/fs: stack exhaustion in Glob
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.17.12, 1.18.4
References: access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, go.googlesource.com, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, ubuntu.com, www.cve.org |
|
| HIGH |
CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.17.12, 1.18.4
References: access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, go.googlesource.com, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, ubuntu.com, www.cve.org |
|
| HIGH |
CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.17.12, 1.18.4
References: access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, go.googlesource.com, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, ubuntu.com, www.cve.org |
|
| HIGH |
CVE-2022-30633: golang: encoding/xml: stack exhaustion in Unmarshal
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.17.12, 1.18.4
References: access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, go.googlesource.com, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, ubuntu.com, www.cve.org |
|
| HIGH |
CVE-2022-30634: ELSA-2022-17957: ol8addon security update (IMPORTANT)
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.17.11, 1.18.3
References: go.dev, go.googlesource.com, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev |
|
| HIGH |
CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.17.12, 1.18.4
References: access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, go.googlesource.com, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, ubuntu.com, www.cve.org |
|
| HIGH |
CVE-2022-32189: golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service
A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.17.13, 1.18.5
References: access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, go.googlesource.com, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, ubuntu.com, www.cve.org |
|
| HIGH |
CVE-2022-41715: golang: regexp/syntax: limit memory used by parsing regexps
Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.18.7, 1.19.2
References: access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.gentoo.org, ubuntu.com, www.cve.org |
|
| HIGH |
CVE-2022-41716: Due to unsanitized NUL values, attackers may be able to maliciously se ...
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D".
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.18.8, 1.19.3
References: go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.netapp.com |
|
| HIGH |
CVE-2022-41720: golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS("C:/tmp").Open("COM1") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS("") has changed. Previously, an empty root was treated equivalently to "/", so os.DirFS("").Open("tmp") would open the path "/tmp". This now returns an error.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.18.9, 1.19.4
References: access.redhat.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, www.cve.org |
|
| HIGH |
CVE-2022-41722: golang: path/filepath: path-filepath filepath.Clean path traversal
A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.19.6, 1.20.1
References: access.redhat.com, go.dev, groups.google.com, nvd.nist.gov, pkg.go.dev, www.cve.org |
|
| HIGH |
CVE-2022-41723: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.19.6, 1.20.1
References: access.redhat.com, bugzilla.redhat.com, errata.almalinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, lists.fedoraproject.org, nvd.nist.gov, pkg.go.dev, security.gentoo.org, security.netapp.com, ubuntu.com, vuln.go.dev, www.couchbase.com, www.cve.org |
|
| HIGH |
CVE-2022-41724: golang: crypto/tls: large handshake records may cause panics
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.19.6, 1.20.1
References: access.redhat.com, bugzilla.redhat.com, errata.almalinux.org, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.gentoo.org, ubuntu.com, www.cve.org |
|
| HIGH |
CVE-2022-41725: golang: net/http, mime/multipart: denial of service from excessive resource consumption
A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, "If stored on disk, the File's underlying concrete type will be an *os.File.". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.19.6, 1.20.1
References: access.redhat.com, bugzilla.redhat.com, errata.almalinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.gentoo.org, ubuntu.com, www.cve.org |
|
| HIGH |
CVE-2023-24534: golang: net/http, net/textproto: denial of service from excessive memory allocation
HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.19.8, 1.20.3
References: access.redhat.com, bugzilla.redhat.com, errata.almalinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.gentoo.org, security.netapp.com, ubuntu.com, www.cve.org |
|
| HIGH |
CVE-2023-24536: golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption
Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause a program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.19.8, 1.20.3
References: access.redhat.com, bugzilla.redhat.com, errata.almalinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.gentoo.org, security.netapp.com, ubuntu.com, www.cve.org |
|
| HIGH |
CVE-2023-24537: golang: go/parser: Infinite loop in parsing
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.19.8, 1.20.3
References: access.redhat.com, bugzilla.redhat.com, errata.almalinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.gentoo.org, security.netapp.com, ubuntu.com, www.cve.org |
|
| HIGH |
CVE-2023-24539: golang: html/template: improper sanitization of CSS values
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.19.9, 1.20.4
References: access.redhat.com, bugzilla.redhat.com, errata.almalinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.netapp.com, ubuntu.com, www.cve.org |
|
| HIGH |
CVE-2023-29400: golang: html/template: improper handling of empty HTML attributes
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.19.9, 1.20.4
References: access.redhat.com, bugzilla.redhat.com, errata.almalinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.netapp.com, ubuntu.com, www.cve.org |
|
| HIGH |
CVE-2023-29403: golang: runtime: unexpected behavior of setuid/setgid binaries
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.19.10, 1.20.5
References: access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, lists.fedoraproject.org, nvd.nist.gov, pkg.go.dev, security.gentoo.org, security.netapp.com, ubuntu.com, www.cve.org |
|
| HIGH |
CVE-2023-39325: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.20.10, 1.21.3
References: access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, lists.fedoraproject.org, nvd.nist.gov, pkg.go.dev, security.gentoo.org, security.netapp.com, ubuntu.com, www.cisa.gov, www.cve.org |
|
| HIGH |
CVE-2023-45283: The filepath package does not recognize paths with a \??\ prefix as sp ...
The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example, the path \??\c:\x is equivalent to the more common path c:\x. Before fix, Clean could convert a rooted path such as \a\..\??\b into the root local device path \??\b. Clean will now convert this to .\??\b. Similarly, Join(\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \??\b. Join will now convert this to \.\??\b. In addition, with fix, IsAbs now correctly reports paths beginning with \??\ as absolute, and VolumeName correctly reports the \??\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \?, resulting in filepath.Clean(\?\c:) returning \?\c: rather than \?\c:\ (among other effects). The previous behavior has been restored.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.20.11, 1.21.4, 1.20.12, 1.21.5
References: www.openwall.com, go.dev, groups.google.com, nvd.nist.gov, pkg.go.dev, security.netapp.com |
|
| HIGH |
CVE-2023-45287: golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.20.0
References: access.redhat.com, bugzilla.redhat.com, errata.almalinux.org, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, people.redhat.com, pkg.go.dev, security.netapp.com, www.cve.org |
|
| HIGH |
CVE-2023-45288: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.21.9, 1.22.2
References: www.openwall.com, access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, go.dev, groups.google.com, kb.cert.org, linux.oracle.com, lists.fedoraproject.org, nowotarski.info, nvd.nist.gov, pkg.go.dev, security.netapp.com, ubuntu.com, www.cve.org, www.kb.cert.org |
|
| HIGH |
CVE-2024-34156: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.22.7, 1.23.1
References: access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.netapp.com, ubuntu.com, www.cve.org |
|
| MEDIUM |
CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.17.12, 1.18.4
References: access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, go.googlesource.com, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, ubuntu.com, www.cve.org |
|
| MEDIUM |
CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.17.12, 1.18.4
References: access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, go.googlesource.com, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, ubuntu.com, www.cve.org |
|
| MEDIUM |
CVE-2022-32148: golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.17.12, 1.18.4
References: access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, go.googlesource.com, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, ubuntu.com, www.cve.org |
|
| MEDIUM |
CVE-2022-41717: golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.18.9, 1.19.4
References: access.redhat.com, bugzilla.redhat.com, cs.opensource.google, errata.almalinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, lists.fedoraproject.org, nvd.nist.gov, pkg.go.dev, security.gentoo.org, security.netapp.com, ubuntu.com, www.cve.org |
|
| MEDIUM |
CVE-2023-24532: golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results
The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.19.7, 1.20.2
References: access.redhat.com, go.dev, groups.google.com, nvd.nist.gov, pkg.go.dev, security.netapp.com, www.cve.org |
|
| MEDIUM |
CVE-2023-29406: golang: net/http: insufficient sanitization of Host header
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.19.11, 1.20.6
References: access.redhat.com, bugzilla.redhat.com, errata.almalinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.gentoo.org, security.netapp.com, ubuntu.com, www.cve.org |
|
| MEDIUM |
CVE-2023-29409: golang: crypto/tls: slow verification of certificate chains containing large RSA keys
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.19.12, 1.20.7, 1.21.0-rc.4
References: access.redhat.com, bugzilla.redhat.com, errata.almalinux.org, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.gentoo.org, security.netapp.com, www.cve.org |
|
| MEDIUM |
CVE-2023-39318: golang: html/template: improper handling of HTML-like comments within script contexts
The html/template package does not properly handle HTML-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.20.8, 1.21.1
References: access.redhat.com, bugzilla.redhat.com, errata.almalinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.gentoo.org, security.netapp.com, ubuntu.com, vuln.go.dev, www.cve.org |
|
| MEDIUM |
CVE-2023-39319: golang: html/template: improper handling of special tags within script contexts
The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.20.8, 1.21.1
References: access.redhat.com, bugzilla.redhat.com, errata.almalinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.gentoo.org, security.netapp.com, ubuntu.com, vuln.go.dev, www.cve.org |
|
| MEDIUM |
CVE-2023-39326: golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.20.12, 1.21.5
References: access.redhat.com, bugzilla.redhat.com, errata.almalinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, lists.fedoraproject.org, nvd.nist.gov, pkg.go.dev, ubuntu.com, www.cve.org |
|
| MEDIUM |
CVE-2023-45284: On Windows, the IsLocal function does not correctly detect reserved de ...
On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.20.11, 1.21.4
References: go.dev, groups.google.com, nvd.nist.gov, pkg.go.dev |
|
| MEDIUM |
CVE-2023-45289: golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.21.8, 1.22.1
References: www.openwall.com, access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.netapp.com, ubuntu.com, www.cve.org |
|
| MEDIUM |
CVE-2023-45290: golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm
When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.21.8, 1.22.1
References: www.openwall.com, access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.netapp.com, ubuntu.com, www.cve.org |
|
| MEDIUM |
CVE-2024-24783: golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.21.8, 1.22.1
References: www.openwall.com, access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.netapp.com, ubuntu.com, www.cve.org |
|
| MEDIUM |
CVE-2024-24784: golang: net/mail: comments in display names are incorrectly handled
The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.21.8, 1.22.1
References: www.openwall.com, access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.netapp.com, ubuntu.com, www.cve.org |
|
| MEDIUM |
CVE-2024-24785: golang: html/template: errors returned from MarshalJSON methods may break template escaping
If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.21.8, 1.22.1
References: www.openwall.com, access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.netapp.com, ubuntu.com, vuln.go.dev, www.cve.org |
|
| MEDIUM |
CVE-2024-24789: golang: archive/zip: Incorrect handling of certain ZIP files
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.21.11, 1.22.4
References: www.openwall.com, access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, lists.fedoraproject.org, nvd.nist.gov, pkg.go.dev, security.netapp.com, ubuntu.com, www.cve.org |
|
| MEDIUM |
CVE-2024-24791: net/http: Denial of service due to improper 100-continue handling in net/http
The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.21.12, 1.22.5
References: access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.netapp.com, ubuntu.com, www.cve.org |
|
| MEDIUM |
CVE-2024-34155: go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.22.7, 1.23.1
References: access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.netapp.com, ubuntu.com, www.cve.org |
|
| MEDIUM |
CVE-2024-34158: go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.22.7, 1.23.1
References: access.redhat.com, bugzilla.redhat.com, cve.mitre.org, errata.almalinux.org, errata.rockylinux.org, github.com, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.netapp.com, ubuntu.com, www.cve.org |
|
| MEDIUM |
CVE-2024-45336: golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect
The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.22.11, 1.23.5, 1.24.0-rc.2
References: access.redhat.com, bugzilla.redhat.com, errata.almalinux.org, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.netapp.com, www.cve.org |
|
| MEDIUM |
CVE-2024-45341: golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints
A certificate with a URI which has an IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.22.11, 1.23.5, 1.24.0-rc.2
References: access.redhat.com, bugzilla.redhat.com, errata.almalinux.org, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, security.netapp.com, www.cve.org |
|
| MEDIUM |
CVE-2025-0913: Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.23.10, 1.24.4
References: go.dev, groups.google.com, nvd.nist.gov, pkg.go.dev |
|
| MEDIUM |
CVE-2025-22866: crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.22.12, 1.23.6, 1.24.0-rc.3
References: access.redhat.com, github.com, go.dev, groups.google.com, nvd.nist.gov, pkg.go.dev, security.netapp.com, www.cve.org |
|
| MEDIUM |
CVE-2025-22871: net/http: Request smuggling due to acceptance of invalid chunked data in net/http
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.23.8, 1.24.2
References: www.openwall.com, access.redhat.com, bugzilla.redhat.com, errata.almalinux.org, go.dev, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, www.cve.org |
|
| MEDIUM |
CVE-2025-4673: Proxy-Authorization and Proxy-Authenticate headers persisted on cross- ...
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.23.10, 1.24.4
References: go.dev, groups.google.com, nvd.nist.gov, pkg.go.dev, www.cve.org |
|
| LOW |
CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
Package Name: stdlib
Installed Version: v1.18.2
Fixed Version: 1.17.11, 1.18.3
References: access.redhat.com, bugzilla.redhat.com, errata.almalinux.org, github.com, go.dev, go.googlesource.com, groups.google.com, linux.oracle.com, nvd.nist.gov, pkg.go.dev, ubuntu.com, www.cve.org |
|