はじめに
コンテナの脆弱性診断ツールについて調査
こちらの記事をもとにtrivyをつかってみる
https://qiita.com/knqyf263/items/dc179f9223fc31b5a51c
経緯
Fargateを導入している
コンテナにおけるセキュリティ診断ツールを検討する
とりあえずwebの脆弱性や外部アクセス診断は置いておく
Trivyにした理由
- インストールが楽
- コマンド一つで実行できる
- CIでも利用可能
実行環境
CentOS7のイメージを利用
インストール
$ sudo vi /etc/yum.repos.d/trivy.repo
[trivy]
name=Trivy repository
baseurl=https://aquasecurity.github.io/trivy-repo/rpm/releases/$releasever/$basearch/
gpgcheck=0
enabled=1
$ sudo yum -y install trivy
スキャンしてみる
trivy [IMAGEPASS]
とりあえず公式イメージを指定してみる
trivy centos:7
結果
意外と多い…
CIへの組み込みも試してみよう
# trivy centos:7
2019-10-01T17:57:45.366Z INFO Updating vulnerability database...
2019-10-01T17:57:54.769Z INFO Detecting RHEL/CentOS vulnerabilities...
centos:7 (centos 7.6.1810)
==========================
Total: 646 (UNKNOWN: 0, LOW: 70, MEDIUM: 468, HIGH: 101, CRITICAL: 7)
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| audit-libs | CVE-2015-5186 | MEDIUM | 2.8.4-4.el7 | | Audit: log terminal emulator |
| | | | | | escape sequences handling |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| bash | CVE-2014-6277 | CRITICAL | 4.2.46-31.el7 | | bash: uninitialized here |
| | | | | | document closing delimiter |
| | | | | | pointer use |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-6278 | | | | bash: incorrect parsing of |
| | | | | | function definitions with |
| | | | | | nested command substitutions |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2019-9924 | HIGH | | | bash: BASH_CMD is writable in |
| | | | | | restricted bash shells |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2012-6711 | MEDIUM | | | bash: heap-based buffer |
| | | | | | overflow during echo of |
| | | | | | unsupported characters |
+-----------------------------+------------------+ +-----------------------+--------------------+--------------------------------------------------------------+
| bind-license | CVE-2016-6170 | | 32:9.9.4-74.el7_6.2 | | bind: Improper restriction of |
| | | | | | zone size limit |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-5741 | | | 32:9.11.4-9.P2.el7 | bind: Incorrect documentation |
| | | | | | of krb5-subdomain and |
| | | | | | ms-subdomain update policies |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-5745 | | | | bind: An assertion failure if |
| | | | | | a trust anchor rolls over to |
| | | | | | an... |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2013-5661 | LOW | | | DNS response rate limiting |
| | | | | | can simplify cache poisoning |
| | | | | | attacks |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-6465 | | | | bind: Controls for zone |
| | | | | | transfers may not be properly |
| | | | | | applied to DLZs... |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| binutils | CVE-2017-14930 | HIGH | 2.27-34.base.el7 | | binutils: Memory leak in |
| | | | | | decode_line_info |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-9939 | | | | binutils: buffer overflow in |
| | | | | | ihex.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-8421 | | | | binutils: Memory exhaustion in |
| | | | | | objdump via a crafted PE file |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7614 | | | | binutils: NULL |
| | | | | | pointer dereference in |
| | | | | | bfd_elf_final_link function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-12699 | | | | binutils: heap-based buffer |
| | | | | | overflow in finish_stab in |
| | | | | | stabs.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13716 | | | | binutils: Memory leak with the |
| | | | | | C++ symbol demangler routine |
| | | | | | in libiberty |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-14128 | MEDIUM | | | binutils: Heap-based |
| | | | | | buffer over-read in the |
| | | | | | decode_line_info function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-15021 | | | | binutils: Heap-based |
| | | | | | buffer over-read in |
| | | | | | bfd_get_debug_link_info_1 |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-12457 | | | | binutils: NULL |
| | | | | | pointer dereference in |
| | | | | | bfd_make_section_with_flags |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9754 | | | | binutils: Stack-based buffer |
| | | | | | over-read in process_otr |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-8394 | | | | binutils: NULL pointer |
| | | | | | dereference in the |
| | | | | | _bfd_elf_large_com_section |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-6966 | | | | binutils: Use-after-free in |
| | | | | | target_specific_reloc_handling |
| | | | | | in readelf |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-16831 | | | | binutils: Integer overflow in |
| | | | | | coffgen.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-15025 | | | | binutils: Divide-by-zero in |
| | | | | | decode_line_info |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-15022 | | | | binutils: NULL pointer |
| | | | | | dereference in dwarf2.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4488 | | | | gcc: Invalid write due to |
| | | | | | a use-after-free to array |
| | | | | | ktypevec |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-9074 | | | | binutils: out-of-bound read |
| | | | | | in function bfd_getl32 in |
| | | | | | libbfd.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-18700 | | | | binutils: Recursive Stack |
| | | | | | Overflow within function |
| | | | | | d_name, d_encoding, |
| | | | | | and d_local_name in |
| | | | | | cp-demangle.c... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-12641 | | | 2.27-41.base.el7 | binutils: Stack Exhaustion |
| | | | | | in the demangling functions |
| | | | | | provided by libiberty |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9755 | | | | binutils: Global |
| | | | | | buffer over-read in |
| | | | | | opcodes/i386-dis.c while |
| | | | | | checking invalid registers |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9747 | | | | binutils: Stack-based buffer |
| | | | | | over-read in ieee_archive_p |
| | | | | | function while disassembling |
| | | | | | corrupt IEEE binary... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-8397 | | | | binutils: Out-of-bounds read |
| | | | | | and write while processing |
| | | | | | binary containing reloc(s) |
| | | | | | with negative... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-17125 | | | | binutils: Buffer over-read in the |
| | | | | | _bfd_elf_get_symbol_version_string |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-15996 | | | | binutils: Excessive memory |
| | | | | | allocation in elfcomm.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-15225 | | | | binutils: Memory leak in |
| | | | | | _bfd_dwarf2_cleanup_debug_info |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-12700 | | | | binutils: Stack Exhaustion in |
| | | | | | debug_write_type in debug.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-14038 | | | | libbfd: remote dos via |
| | | | | | crafted file in function |
| | | | | | aout_32_swap_std_reloc_out in |
| | | | | | aoutx.h |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9756 | | | | binutils: Address violation |
| | | | | | in aarch64_ext_ldst_reglist |
| | | | | | function when disassembling |
| | | | | | corrupt aarch64 binary |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-16830 | | | | binutils: Segmentation fault |
| | | | | | in the print_gnu_property_note |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-14529 | | | | binutils: heap-based buffer |
| | | | | | over-read in bfd_getl16 |
| | | | | | function in peXXigen.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13710 | | | | binutils: NULL pointer |
| | | | | | dereference in the setup_group |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-17985 | | | | binutils: Stack consumption |
| | | | | | problem caused by the |
| | | | | | cplus_demangle_type |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9043 | | | | binutils: Shift exponent too |
| | | | | | large for type unsigned long |
| | | | | | in readelf.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-12458 | | | | binutils: out of |
| | | | | | bounds heap read in |
| | | | | | nlm_swap_auxiliary_headers_in |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-12451 | | | | binutils: out of bounds stack |
| | | | | | read in _bfd_xcoff_read_ar_hdr |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-6759 | | | | binutils: Unchecked strnlen in |
| | | | | | opncls.c:bfd_get_debug_link_info_1() |
| | | | | | can allow lead to denial of |
| | | | | | service... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-16826 | | | | binutils: Invalid |
| | | | | | memory access in the |
| | | | | | coff_slurp_line_table function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7300 | | | | binutils: Heap-buffer overflow |
| | | | | | in aout_link_add_symbols |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-18701 | | | | binutils: infinite recursion |
| | | | | | in next_is_type_qual and |
| | | | | | cplus_demangle_type functions |
| | | | | | in cp-demangle.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9751 | | | | binutils: Stack-based |
| | | | | | buffer over-read in |
| | | | | | opcodes/rl78-decode.opc when |
| | | | | | disassembling a corrupt RL78 |
| | | | | | binary... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9744 | | | | binutils: Address violation |
| | | | | | in sh_elf_set_mach_from_flags |
| | | | | | function when disassembling a |
| | | | | | corrupt SH binary... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-17126 | | | | binutils: Invalid |
| | | | | | memory access in the |
| | | | | | load_debug_section function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-17123 | | | | binutils: NULL pointer |
| | | | | | dereference in the |
| | | | | | coff_slurp_reloc_table |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-14934 | | | | binutils: Infinite loop in |
| | | | | | process_debug_info |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-20657 | | | | libiberty: Memory leak in |
| | | | | | demangle_template function |
| | | | | | resulting in a denial of |
| | | | | | service... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7302 | | | | binutils: Out-of-bounds read |
| | | | | | in wap_std_reloc_out function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7210 | | | | binutils: Heap-based buffer |
| | | | | | over-reads in objdump |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-17124 | | | | binutils: Heap buffer |
| | | | | | overflow in the |
| | | | | | _bfd_coff_read_string_table |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-16832 | | | | binutils: Segmentation fault |
| | | | | | in the pe_bfd_read_buildid |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-15024 | | | | binutils: Infinite recursion |
| | | | | | in find_abstract_instance_name |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-12967 | | | | binutils: Stack-based buffer |
| | | | | | over-read in getsym function |
| | | | | | in tekhex.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-18607 | | | | binutils: NULL |
| | | | | | pointer dereference in |
| | | | | | elf_link_input_bfd in |
| | | | | | elflink.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-1000876 | | | 2.27-41.base.el7 | binutils: integer overflow |
| | | | | | leads to heap-based buffer |
| | | | | | overflow in objdump |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4493 | | | | gcc: Read access violations |
+ +------------------+ + +--------------------+ +
| | CVE-2016-4492 | | | | |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-6965 | | | | binutils: Heap-based |
| | | | | | buffer overflow in |
| | | | | | target_specific_reloc_handling |
| | | | | | in readelf |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-8392 | | | | binutils: NULL pointer |
| | | | | | dereference in the |
| | | | | | _bfd_dwarf2_find_nearest_line |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-14130 | | | | binutils: Heap-based |
| | | | | | buffer over-read in the |
| | | | | | _bfd_elf_parse_attributes |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9038 | | | | binutils: Heap-buffer overflow |
| | | | | | in the byte_get_little_endian |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13757 | | | | binutils: heap-based |
| | | | | | buffer over-read in |
| | | | | | elf_i386_get_synthetic_symtab |
| | | | | | in elf32-i386.c and |
| | | | | | elf_x86_64_get_synthetic_symtab |
| | | | | | in elf64-x86-64.c... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-14250 | | | | binutils: integer overflow in |
| | | | | | simple-object-elf.c leads to a |
| | | | | | heap-based buffer overflow |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9954 | | | | binutils: stack-based buffer |
| | | | | | over-read in getvalue function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-14729 | | | | binutils: Heap buffer overflow |
| | | | | | in the *_get_synthetic_symtab |
| | | | | | functions |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-6131 | | | | gcc,gdb,binutils,libitm: Stack |
| | | | | | overflow vulnerability in |
| | | | | | libiberty demangler |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-8538 | | | | libdwarf: Out-of-bounds read |
| | | | | | in dwarf_leb.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9748 | | | | binutils: Stack-based buffer |
| | | | | | over-read in ieee_object_p |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-6969 | | | | binutils: Heap-based buffer |
| | | | | | over-read in readelf when |
| | | | | | processing corrupt RL78 |
| | | | | | binaries |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7225 | | | | binutils: Null pointer |
| | | | | | dereference and invalid write |
| | | | | | in find_nearest_line function |
| | | | | | in addr2line... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-14938 | | | | binutils: Excessive |
| | | | | | memory allocation in |
| | | | | | _bfd_elf_slurp_version_tables |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9743 | | | | binutils: Global |
| | | | | | buffer over-read in |
| | | | | | print_insn_score32 function |
| | | | | | while disassembling corrupt |
| | | | | | score binary... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-6872 | | | | binutils: out of bounds read |
| | | | | | in elf_parse_notes function in |
| | | | | | elf.c file in... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-17080 | | | | binutils: Heap-based buffer |
| | | | | | over-read in bfd_getl32 |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7227 | | | | binutils: Heap-based buffer |
| | | | | | overflow in ld due to missing |
| | | | | | null termination |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-8398 | | | | binutils: Out-of-bounds |
| | | | | | read while dumping the debug |
| | | | | | information from a corrupt |
| | | | | | binary... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-8393 | | | | binutils: Out-of-bounds read |
| | | | | | due to wrong assumption for |
| | | | | | objcopy and strip |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-17794 | | | | binutils: NULL pointer dereference in |
| | | | | | libiberty/cplus-dem.c:work_stuff_copy_to_from() |
| | | | | | via crafted input |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-14939 | | | | binutils: Heap-based |
| | | | | | buffer over-read in the |
| | | | | | decode_line_info |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-14940 | | | | binutils: NULL pointer |
| | | | | | dereference in the |
| | | | | | scan_unit_for_symbols |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9042 | | | | binutils: Invalid variable |
| | | | | | type in readelf.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9746 | | | | binutils: Heap buffer |
| | | | | | over-read in disassemble_bytes |
| | | | | | function when disassembling a |
| | | | | | corrupt binary... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7223 | | | | binutils: Global buffer |
| | | | | | overflow when attempting to |
| | | | | | unget EOF character |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9040 | | | | binutils: NULL pointer |
| | | | | | dereference in the |
| | | | | | process_mips_specific_function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9749 | | | | binutils: Global buffer |
| | | | | | over-read in *regs* macros |
| | | | | | when disassembling corrupt |
| | | | | | bfin binary... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-18484 | | | | binutils: Stack exhaustion |
| | | | | | in cp-demangle.c allows for |
| | | | | | denial of service |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-18605 | | | | binutils: heap-based |
| | | | | | buffer over-read in |
| | | | | | sec_merge_hash_lookup in |
| | | | | | merge.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-9075 | | | | binutils: heap-based |
| | | | | | buffer overflow in function |
| | | | | | _bfd_archive_64_bit_slurp_armap |
| | | | | | in archive64.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4489 | | | | gcc: Invalid write due to |
| | | | | | integer overflow |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4491 | | | | gcc: Stack overflow due |
| | | | | | to infinite recursion in |
| | | | | | d_print_comp |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-12454 | | | | binutils: Arbitrary memory |
| | | | | | read in _bfd_vms_slurp_egs |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-9138 | | | | binutils: Stack Exhaustion |
| | | | | | in the the C++ demangling |
| | | | | | functions provided by |
| | | | | | libiberty... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-20002 | | | | binutils: memory leak in |
| | | | | | _bfd_generic_read_minisymbols |
| | | | | | function in syms.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-18606 | | | | binutils: NULL |
| | | | | | pointer dereference in |
| | | | | | _bfd_add_merge_section in |
| | | | | | merge_strings function in |
| | | | | | merge.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7209 | | | | binutils: Null |
| | | | | | pointer dereference in |
| | | | | | dump_section_as_bytes function |
| | | | | | in readelf |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7226 | | | | binutils: Heap-based buffer |
| | | | | | over-read in pe_ILF_object_p |
| | | | | | function in libbfd |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-14933 | | | | binutils: Infinite loop in |
| | | | | | read_formatted_entries |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-1010204 | | | | binutils: Improper Input |
| | | | | | Validation, Signed/Unsigned |
| | | | | | Comparison, Out-of-bounds |
| | | | | | Read in gold/fileread.cc and |
| | | | | | elfcpp/elfcpp_file.h... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7299 | | | | binutils: Out-of-bounds read |
| | | | | | in bfd_elf_final_link function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7304 | | | | binutils: Out-of-bounds read |
| | | | | | in copy_special_section_fields |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7301 | | | | binutils: Off-by-one error in |
| | | | | | aout_link_add_symbols function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-15939 | | | | binutils: NULL pointer |
| | | | | | dereference in the |
| | | | | | concat_filename |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-12452 | | | | binutils: out of bounds heap read in |
| | | | | | bfd_mach_o_i386_canonicalize_one_reloc |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9955 | | | | binutils: heap buffer |
| | | | | | over-read in get_build_id |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-16828 | | | | binutils: Integer overflow |
| | | | | | in the display_debug_frames |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-16827 | | | | binutils: Invalid free in |
| | | | | | the aout_get_external_symbols |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-14974 | | | | binutils: NULL pointer |
| | | | | | dereference in the |
| | | | | | *_get_synthetic_symtab |
| | | | | | functions |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-12449 | | | | binutils: out of |
| | | | | | bounds heap read in |
| | | | | | _bfd_vms_save_sized_string |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-18483 | | | | binutils: Integer overflow in |
| | | | | | cplus-dem.c:get_count() allows |
| | | | | | for denial of service |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9753 | | | | binutils: Address violation |
| | | | | | in versados_mkobject function |
| | | | | | when disassembling a corrupt |
| | | | | | versados binary... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9044 | | | | binutils: Out-of-bounds |
| | | | | | read in the |
| | | | | | print_symbol_for_build_attribute |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9041 | | | | binutils: Heap buffer overflow |
| | | | | | in the process_mips_specific |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-8396 | | | | binutils: Out-of-bounds read |
| | | | | | in the existing reloc offset |
| | | | | | range tests |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-2226 | | | | gcc: Exploitable buffer |
| | | | | | overflow |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-12453 | | | | binutils: out of bounds heap |
| | | | | | read in __bfd_vms_slurp_eeom |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9039 | | | | binutils: Memory consumption |
| | | | | | via many program headers |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-20673 | | | | libiberty: Integer overflow in |
| | | | | | demangle_template() function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-8395 | | | | binutils: Out-of-bounds |
| | | | | | write in the |
| | | | | | _bfd_generic_get_section_contents |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-12934 | | | | binutils: Uncontrolled |
| | | | | | Resource Consumption in |
| | | | | | remember_Ktype in cplus-dem.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-6323 | | | | binutils: Integer overflow |
| | | | | | in elf_object_p function in |
| | | | | | elfcode.h |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-15023 | | | | binutils: NULL |
| | | | | | pointer dereference in |
| | | | | | read_formatted_entries |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-15938 | | | | binutils: Invalid memory read |
| | | | | | in find_abstract_instance_name |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-17122 | | | | binutils: Excessive |
| | | | | | memory allocation in the |
| | | | | | dump_relocs_in_section |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7224 | | | | binutils: Invalid write in |
| | | | | | find_nearest_line function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9745 | | | | binutils: Heap |
| | | | | | buffer over-read in |
| | | | | | _bfd_vms_slurp_etir function |
| | | | | | when handling VMS alpha |
| | | | | | binaries... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-12697 | | | 2.27-41.base.el7 | binutils: NULL |
| | | | | | pointer dereference in |
| | | | | | work_stuff_copy_to_from in |
| | | | | | cplus-dem.c. |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-9077 | | | | binutils: heap-based |
| | | | | | buffer overflow in function |
| | | | | | process_mips_specific in |
| | | | | | readelf.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-14932 | | | | binutils: Infinite loop in the |
| | | | | | decode_line_info |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-15020 | | | | binutils: Heap-based buffer |
| | | | | | overflow in parse_die |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9750 | | | | binutils: Global |
| | | | | | buffer over-read in |
| | | | | | opcodes/rx-decode.opc when |
| | | | | | disassembling a corrupt RX |
| | | | | | binary... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-12698 | | | | binutils: excessive |
| | | | | | memory consumption in |
| | | | | | demangle_template in |
| | | | | | cplus-dem.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-12799 | | | | binutils: Heap-based 1 |
| | | | | | byte buffer over-write in |
| | | | | | elf_read_notes function in |
| | | | | | bfd/elf.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-16829 | | | | binutils: Out-of-bounds |
| | | | | | read in the |
| | | | | | _bfd_elf_parse_gnu_properties |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4490 | | | | gcc: Write access violation |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-12455 | | | | binutils: out of bounds heap |
| | | | | | read in evax_bfd_print_emh |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-17121 | | | | binutils: Memory access |
| | | | | | violation via a crafted COFF |
| | | | | | binary |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9752 | | | | binutils: Heap |
| | | | | | buffer over-read in |
| | | | | | f_bfd_vms_get_value function |
| | | | | | when processing a corrupt |
| | | | | | Alpha... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-19932 | | | | binutils: Integer overflow |
| | | | | | due to the IS_CONTAINED_BY_LMA |
| | | | | | macro resulting in a denial... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9742 | | | | binutils: Global |
| | | | | | buffer over-read in |
| | | | | | print_insn_score16 function |
| | | | | | while disassembling corrupt |
| | | | | | score binary... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4487 | | | | gcc: Invalid write due to |
| | | | | | a use-after-free to array |
| | | | | | btypevec |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-12456 | | | | binutils: out of |
| | | | | | bounds heap read in |
| | | | | | read_symbol_stabs_debugging_inf |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-14745 | | | | binutils: Integer overflow |
| | | | | | in the *_get_synthetic_symtab |
| | | | | | functions |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-14129 | | | | binutils: Heap-based buffer |
| | | | | | over-read in the read_section |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7303 | | | | binutils: Out-of-bounds read |
| | | | | | in find_link function |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| bzip2-libs | CVE-2019-12900 | HIGH | 1.0.6-13.el7 | | bzip2: out-of-bounds write in |
| | | | | | function BZ2_decompress |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2016-3189 | MEDIUM | | | bzip2: heap use after free in |
| | | | | | bzip2recover |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| coreutils | CVE-2014-9471 | HIGH | 8.22-23.el7 | | coreutils: memory corruption |
| | | | | | flaw in parse_datetime() |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-18018 | LOW | | | coreutils: race condition |
| | | | | | vulnerability in chown and |
| | | | | | chgrp |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-4041 | | | | coreutils: heap buffer |
| | | | | | overflow in sort(1) |
| | | | | | keycompare_mb() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-2781 | | | | coreutils: Non-privileged |
| | | | | | session can escape to the |
| | | | | | parent session in chroot |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-4042 | | | | coreutils: possible buffer |
| | | | | | overflow in keycompare_mb() |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| cpio | CVE-2016-2037 | MEDIUM | 2.11-27.el7 | | cpio: out of bounds write |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2015-1197 | LOW | | | cpio: directory traversal |
| | | | | | through symlinks |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| cracklib | CVE-2016-6318 | HIGH | 2.9.0-11.el7 | | cracklib: Stack-based buffer |
| | | | | | overflow when parsing large |
| | | | | | GECOS field |
+-----------------------------+ + + +--------------------+ +
| cracklib-dicts | | | | | |
| | | | | | |
| | | | | | |
+-----------------------------+------------------+ +-----------------------+--------------------+--------------------------------------------------------------+
| curl | CVE-2016-8618 | | 7.29.0-51.el7_6.3 | | curl: Double-free in |
| | | | | | curl_maprintf |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-8619 | | | | curl: Double-free in krb5 code |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-8622 | | | | curl: URL unescape heap |
| | | | | | overflow via integer |
| | | | | | truncation |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-5482 | | | | curl: heap buffer overflow in |
| | | | | | function tftp_receive_packet() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-8817 | | | | curl: FTP wildcard out of |
| | | | | | bounds read |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2016-0755 | MEDIUM | | | curl: NTLM credentials |
| | | | | | not-checked for proxy |
| | | | | | connection re-use |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-9586 | | | | curl: printf floating point |
| | | | | | buffer overflow |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-8621 | | | | curl: curl_getdate |
| | | | | | out-of-bounds read |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-8616 | | | | curl: Case insensitive |
| | | | | | password comparison |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-8623 | | | | curl: Use-after-free via |
| | | | | | shared cookies |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-8624 | | | | curl: Invalid URL parsing with |
| | | | | | '#' |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-3153 | | | | curl: sensitive HTTP server |
| | | | | | headers also sent to proxies |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-16842 | | | 7.29.0-54.el7 | curl: Heap-based buffer |
| | | | | | over-read in the curl tool |
| | | | | | warning formatting |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-1000100 | | | | curl: TFTP sends more than |
| | | | | | buffer size |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-8617 | | | | curl: Out-of-bounds write via |
| | | | | | unchecked multiplication |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-5436 | | | | curl: TFTP receive |
| | | | | | heap buffer overflow in |
| | | | | | tftp_receive_packet() function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-1000254 | | | | curl: FTP PWD response parser |
| | | | | | out of bounds read |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-8625 | | | | curl: IDNA 2003 makes curl use |
| | | | | | wrong host |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-8615 | | | | curl: Cookie injection for |
| | | | | | other servers |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2018-20483 | LOW | | | wget: Information exposure in |
| | | | | | set_file_metadata function in |
| | | | | | xattr.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7407 | | | | curl: --write-out out of |
| | | | | | bounds read |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| dbus | CVE-2014-3635 | MEDIUM | 1:1.10.24-13.el7_6 | | dbus: heap-based buffer |
| | | | | | overflow flaw in file |
| | | | | | descriptor passing |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2014-3639 | LOW | | | dbus: denial of service flaw |
| | | | | | in incomplete connection |
| | | | | | handling |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-3532 | | | | dbus: denial of service |
| | | | | | in file descriptor passing |
| | | | | | feature |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-3637 | | | | dbus: denial of service by |
| | | | | | creating unkillable D-Bus |
| | | | | | connections |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-0245 | | | | dbus: denial of service in |
| | | | | | dbus systemd activation |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-3533 | | | | dbus: denial of service |
| | | | | | when forwarding invalid file |
| | | | | | descriptors |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-12749 | | | | dbus: DBusServer |
| | | | | | DBUS_COOKIE_SHA1 |
| | | | | | authentication bypass |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-3636 | | | | dbus: denial of service by |
| | | | | | queuing or splitting file |
| | | | | | descriptors |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-3477 | | | | dbus: denial of service flaw |
| | | | | | in dbus-daemon |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-3638 | | | | dbus: denial of service in |
| | | | | | method call handling |
+-----------------------------+------------------+----------+ +--------------------+--------------------------------------------------------------+
| dbus-libs | CVE-2014-3635 | MEDIUM | | | dbus: heap-based buffer |
| | | | | | overflow flaw in file |
| | | | | | descriptor passing |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2014-3638 | LOW | | | dbus: denial of service in |
| | | | | | method call handling |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-3636 | | | | dbus: denial of service by |
| | | | | | queuing or splitting file |
| | | | | | descriptors |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-3639 | | | | dbus: denial of service flaw |
| | | | | | in incomplete connection |
| | | | | | handling |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-3533 | | | | dbus: denial of service |
| | | | | | when forwarding invalid file |
| | | | | | descriptors |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-3477 | | | | dbus: denial of service flaw |
| | | | | | in dbus-daemon |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-12749 | | | | dbus: DBusServer |
| | | | | | DBUS_COOKIE_SHA1 |
| | | | | | authentication bypass |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-3637 | | | | dbus: denial of service by |
| | | | | | creating unkillable D-Bus |
| | | | | | connections |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-0245 | | | | dbus: denial of service in |
| | | | | | dbus systemd activation |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-3532 | | | | dbus: denial of service |
| | | | | | in file descriptor passing |
| | | | | | feature |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| dracut | CVE-2016-4484 | HIGH | 033-554.el7 | | dracut: Brute force attack on |
| | | | | | LUKS password decryption via |
| | | | | | initramfs |
+-----------------------------+------------------+ +-----------------------+--------------------+--------------------------------------------------------------+
| elfutils-default-yama-scope | CVE-2018-16402 | | 0.172-2.el7 | 0.176-2.el7 | elfutils: Double-free due |
| | | | | | to double decompression |
| | | | | | of sections in crafted ELF |
| | | | | | causes... |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-7611 | MEDIUM | | | elfutils: Heap-buffer overflow |
| | | | | | in the check_symtab_shndx |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7608 | | | | elfutils: Heap-buffer |
| | | | | | overflow in the |
| | | | | | ebl_object_note_type_name |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-10255 | | | | elfutils: Memory |
| | | | | | allocation failure in |
| | | | | | __libelf_set_rawdata_wrlock |
| | | | | | (elf_getdata.c) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-7664 | | | 0.176-2.el7 | elfutils: Out of bound |
| | | | | | write in elf_cvt_note in |
| | | | | | libelf/note_xlate.h |
+ +------------------+ + + +--------------------------------------------------------------+
| | CVE-2018-18521 | | | | elfutils: Divide-by-zero in |
| | | | | | arlib_add_symbols function in |
| | | | | | arlib.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7612 | | | | elfutils: Heap-buffer overflow |
| | | | | | in the check_sysv_hash |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-18520 | | | 0.176-2.el7 | elfutils: eu-size cannot |
| | | | | | handle recursive ar files |
+ +------------------+ + + +--------------------------------------------------------------+
| | CVE-2018-18310 | | | | elfutils: invalid memory |
| | | | | | address dereference |
| | | | | | was discovered in |
| | | | | | dwfl_segment_report_module.c |
| | | | | | in libdwfl |
+ +------------------+ + + +--------------------------------------------------------------+
| | CVE-2019-7665 | | | | elfutils: heap-based |
| | | | | | buffer over-read in |
| | | | | | function elf32_xlatetom in |
| | | | | | elf32_xlatetom.c |
+ +------------------+ + + +--------------------------------------------------------------+
| | CVE-2019-7149 | | | | elfutils: heap-based buffer |
| | | | | | over-read in read_srclines in |
| | | | | | dwarf_getsrclines.c in libdw |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7607 | | | | elfutils: Heap-buffer overflow |
| | | | | | in the handle_gnu_hash |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7610 | | | | elfutils: Heap-buffer overflow |
| | | | | | in the check_group function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-7150 | | | 0.176-2.el7 | elfutils: segmentation |
| | | | | | fault in elf64_xlatetom in |
| | | | | | libelf/elf32_xlatetom.c |
+ +------------------+ + + +--------------------------------------------------------------+
| | CVE-2018-16403 | | | | elfutils: Heap-based |
| | | | | | buffer over-read in |
| | | | | | libdw/dwarf_getabbrev.c and |
| | | | | | libwd/dwarf_hasattr.c causes |
| | | | | | crash |
+ +------------------+ + + +--------------------------------------------------------------+
| | CVE-2018-16062 | | | | elfutils: Heap-based buffer over-read in |
| | | | | | libdw/dwarf_getaranges.c:dwarf_getaranges() |
| | | | | | via crafted file |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7613 | | | | elfutils: elflint.c does |
| | | | | | not validate the number of |
| | | | | | sections and segments |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7609 | | | | elfutils: Memory allocation |
| | | | | | failure in elf_compress.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-10254 | | | | elfutils: Memory allocation |
| | | | | | failure in allocate_elf |
+-----------------------------+------------------+----------+ +--------------------+--------------------------------------------------------------+
| elfutils-libelf | CVE-2018-16402 | HIGH | | 0.176-2.el7 | elfutils: Double-free due |
| | | | | | to double decompression |
| | | | | | of sections in crafted ELF |
| | | | | | causes... |
+ +------------------+----------+ + +--------------------------------------------------------------+
| | CVE-2018-16062 | MEDIUM | | | elfutils: Heap-based buffer over-read in |
| | | | | | libdw/dwarf_getaranges.c:dwarf_getaranges() |
| | | | | | via crafted file |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7609 | | | | elfutils: Memory allocation |
| | | | | | failure in elf_compress.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-16403 | | | 0.176-2.el7 | elfutils: Heap-based |
| | | | | | buffer over-read in |
| | | | | | libdw/dwarf_getabbrev.c and |
| | | | | | libwd/dwarf_hasattr.c causes |
| | | | | | crash |
+ +------------------+ + + +--------------------------------------------------------------+
| | CVE-2018-18310 | | | | elfutils: invalid memory |
| | | | | | address dereference |
| | | | | | was discovered in |
| | | | | | dwfl_segment_report_module.c |
| | | | | | in libdwfl |
+ +------------------+ + + +--------------------------------------------------------------+
| | CVE-2018-18520 | | | | elfutils: eu-size cannot |
| | | | | | handle recursive ar files |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-10254 | | | | elfutils: Memory allocation |
| | | | | | failure in allocate_elf |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7607 | | | | elfutils: Heap-buffer overflow |
| | | | | | in the handle_gnu_hash |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7610 | | | | elfutils: Heap-buffer overflow |
| | | | | | in the check_group function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-7664 | | | 0.176-2.el7 | elfutils: Out of bound |
| | | | | | write in elf_cvt_note in |
| | | | | | libelf/note_xlate.h |
+ +------------------+ + + +--------------------------------------------------------------+
| | CVE-2019-7665 | | | | elfutils: heap-based |
| | | | | | buffer over-read in |
| | | | | | function elf32_xlatetom in |
| | | | | | elf32_xlatetom.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7608 | | | | elfutils: Heap-buffer |
| | | | | | overflow in the |
| | | | | | ebl_object_note_type_name |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-18521 | | | 0.176-2.el7 | elfutils: Divide-by-zero in |
| | | | | | arlib_add_symbols function in |
| | | | | | arlib.c |
+ +------------------+ + + +--------------------------------------------------------------+
| | CVE-2019-7149 | | | | elfutils: heap-based buffer |
| | | | | | over-read in read_srclines in |
| | | | | | dwarf_getsrclines.c in libdw |
+ +------------------+ + + +--------------------------------------------------------------+
| | CVE-2019-7150 | | | | elfutils: segmentation |
| | | | | | fault in elf64_xlatetom in |
| | | | | | libelf/elf32_xlatetom.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-10255 | | | | elfutils: Memory |
| | | | | | allocation failure in |
| | | | | | __libelf_set_rawdata_wrlock |
| | | | | | (elf_getdata.c) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7611 | | | | elfutils: Heap-buffer overflow |
| | | | | | in the check_symtab_shndx |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7613 | | | | elfutils: elflint.c does |
| | | | | | not validate the number of |
| | | | | | sections and segments |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7612 | | | | elfutils: Heap-buffer overflow |
| | | | | | in the check_sysv_hash |
| | | | | | function |
+-----------------------------+------------------+----------+ +--------------------+--------------------------------------------------------------+
| elfutils-libs | CVE-2018-16402 | HIGH | | 0.176-2.el7 | elfutils: Double-free due |
| | | | | | to double decompression |
| | | | | | of sections in crafted ELF |
| | | | | | causes... |
+ +------------------+----------+ + +--------------------------------------------------------------+
| | CVE-2019-7665 | MEDIUM | | | elfutils: heap-based |
| | | | | | buffer over-read in |
| | | | | | function elf32_xlatetom in |
| | | | | | elf32_xlatetom.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-10254 | | | | elfutils: Memory allocation |
| | | | | | failure in allocate_elf |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7608 | | | | elfutils: Heap-buffer |
| | | | | | overflow in the |
| | | | | | ebl_object_note_type_name |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7611 | | | | elfutils: Heap-buffer overflow |
| | | | | | in the check_symtab_shndx |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-18310 | | | 0.176-2.el7 | elfutils: invalid memory |
| | | | | | address dereference |
| | | | | | was discovered in |
| | | | | | dwfl_segment_report_module.c |
| | | | | | in libdwfl |
+ +------------------+ + + +--------------------------------------------------------------+
| | CVE-2018-18521 | | | | elfutils: Divide-by-zero in |
| | | | | | arlib_add_symbols function in |
| | | | | | arlib.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7612 | | | | elfutils: Heap-buffer overflow |
| | | | | | in the check_sysv_hash |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7610 | | | | elfutils: Heap-buffer overflow |
| | | | | | in the check_group function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7609 | | | | elfutils: Memory allocation |
| | | | | | failure in elf_compress.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7607 | | | | elfutils: Heap-buffer overflow |
| | | | | | in the handle_gnu_hash |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-16403 | | | 0.176-2.el7 | elfutils: Heap-based |
| | | | | | buffer over-read in |
| | | | | | libdw/dwarf_getabbrev.c and |
| | | | | | libwd/dwarf_hasattr.c causes |
| | | | | | crash |
+ +------------------+ + + +--------------------------------------------------------------+
| | CVE-2019-7150 | | | | elfutils: segmentation |
| | | | | | fault in elf64_xlatetom in |
| | | | | | libelf/elf32_xlatetom.c |
+ +------------------+ + + +--------------------------------------------------------------+
| | CVE-2019-7149 | | | | elfutils: heap-based buffer |
| | | | | | over-read in read_srclines in |
| | | | | | dwarf_getsrclines.c in libdw |
+ +------------------+ + + +--------------------------------------------------------------+
| | CVE-2018-18520 | | | | elfutils: eu-size cannot |
| | | | | | handle recursive ar files |
+ +------------------+ + + +--------------------------------------------------------------+
| | CVE-2019-7664 | | | | elfutils: Out of bound |
| | | | | | write in elf_cvt_note in |
| | | | | | libelf/note_xlate.h |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7613 | | | | elfutils: elflint.c does |
| | | | | | not validate the number of |
| | | | | | sections and segments |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-10255 | | | | elfutils: Memory |
| | | | | | allocation failure in |
| | | | | | __libelf_set_rawdata_wrlock |
| | | | | | (elf_getdata.c) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-16062 | | | 0.176-2.el7 | elfutils: Heap-based buffer over-read in |
| | | | | | libdw/dwarf_getaranges.c:dwarf_getaranges() |
| | | | | | via crafted file |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| expat | CVE-2015-2716 | HIGH | 2.1.0-10.el7_3 | | Mozilla: Buffer overflow when |
| | | | | | parsing compressed XML (MFSA |
| | | | | | 2015-54) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-9063 | | | | firefox: Possible integer |
| | | | | | overflow to fix inside |
| | | | | | XML_Parse in Expat |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-5300 | | | | expat: Little entropy used for |
| | | | | | hash initialization |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2019-15903 | MEDIUM | | | expat: heap-based buffer |
| | | | | | over-read via crafted XML |
| | | | | | input |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4472 | | | | expat: Undefined behavior and |
| | | | | | pointer overflows |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2013-0341 | | | | expat: external entity |
| | | | | | expansion |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2012-6702 | | | | expat: Using XML_Parse before |
| | | | | | rand() results into non-random |
| | | | | | output |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9233 | | | | expat: Inifinite loop due to |
| | | | | | invalid XML in external entity |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2013-0340 | | | | expat: internal entity |
| | | | | | expansion |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| file-libs | CVE-2015-8865 | HIGH | 5.11-35.el7 | | file: Buffer over-write in |
| | | | | | finfo_open with malformed |
| | | | | | magic file |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2018-10360 | MEDIUM | | | file: out-of-bounds read via a |
| | | | | | crafted ELF file |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-9620 | | | | file: limit the number of ELF |
| | | | | | notes processed |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| glib2 | CVE-2015-8391 | CRITICAL | 2.56.1-4.el7_6 | | pcre: inefficient posix |
| | | | | | character class syntax check |
| | | | | | (8.38/16) |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2015-2327 | HIGH | | | pcre: infinite recursion |
| | | | | | compiling pattern with |
| | | | | | zero-repeated groups that |
| | | | | | include recursive back... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-8390 | | | | pcre: uninitialized memory |
| | | | | | read triggered by malformed |
| | | | | | posix character class |
| | | | | | (8.38/22) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-8386 | | | | pcre: Buffer overflow caused |
| | | | | | by lookbehind assertion |
| | | | | | (8.38/6) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-8388 | | | | CVE-2015-5073 CVE-2015-8388 |
| | | | | | pcre: buffer overflow for |
| | | | | | forward reference within |
| | | | | | backward assertion with... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-8394 | | | | pcre: Integer overflow caused |
| | | | | | by missing check for certain |
| | | | | | conditions (8.38/31) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-11164 | | | | pcre: OP_KETRMAX feature |
| | | | | | in the match function in |
| | | | | | pcre_exec.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-3191 | | | | pcre: workspace overflow |
| | | | | | for (*ACCEPT) with deeply |
| | | | | | nested parentheses (8.39/13, |
| | | | | | 10.22/12) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-16428 | | | | glib2: NULL pointer dereference in |
| | | | | | g_markup_parse_context_end_parse() |
| | | | | | function in gmarkup.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-8387 | | | | pcre: Integer overflow in |
| | | | | | subroutine calls (8.38/8) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-8385 | | | | pcre: buffer overflow caused |
| | | | | | by named forward reference to |
| | | | | | duplicate group number... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-2328 | | | | pcre: infinite recursion |
| | | | | | compiling pattern with |
| | | | | | recursive reference in a group |
| | | | | | with... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-12450 | | | | glib2: file_copy_fallback in |
| | | | | | gio/gfile.c in GNOME GLib does |
| | | | | | not properly restrict file... |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2019-9633 | MEDIUM | | | glib: |
| | | | | | g_socket_client_connected_callback |
| | | | | | in gio/gsocketclient.c allows to |
| | | | | | cause denial of service |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-16429 | | | | glib2: Out-of-bounds read in |
| | | | | | g_markup_parse_context_parse() |
| | | | | | in gmarkup.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7245 | | | | pcre: stack-based |
| | | | | | buffer overflow write in |
| | | | | | pcre32_copy_substring |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-5073 | | | | CVE-2015-8388 pcre: buffer |
| | | | | | overflow for forward reference |
| | | | | | within backward assertion with |
| | | | | | excess... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7246 | | | | pcre: stack-based |
| | | | | | buffer overflow write in |
| | | | | | pcre32_copy_substring |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-13012 | | | | glib2: insecure permissions |
| | | | | | for files and directories |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-3217 | | | | pcre: stack overflow caused by |
| | | | | | mishandled group empty match |
| | | | | | (8.38/11) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7244 | | | | pcre: invalid memory read in |
| | | | | | _pcre32_xclass (pcre_xclass.c) |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-16231 | LOW | | | pcre: self-recursive call in |
| | | | | | match() in pcre_exec.c leads |
| | | | | | to denial of service... |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| glibc | CVE-2019-9169 | HIGH | 2.17-260.el7_6.6 | | glibc: regular-expression |
| | | | | | match via proceed_next_node |
| | | | | | in posix/regexec.c leads to |
| | | | | | heap-based buffer over-read... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-1010022 | | | | glibc: stack guard protection |
| | | | | | bypass |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-8804 | | | | glibc: memory leak in sunrpc |
| | | | | | when decoding malformed XDR |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4429 | | | | glibc: libtirpc: stack |
| | | | | | (frame) overflow in Sun RPC |
| | | | | | clntudp_call() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-4043 | | | | glibc: |
| | | | | | posix_spawn_file_actions_addopen |
| | | | | | fails to copy the path argument |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2016-10739 | MEDIUM | | 2.17-292.el7 | glibc: getaddrinfo should |
| | | | | | reject IP addresses with |
| | | | | | trailing characters |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-15671 | | | | glibc: Memory leak in glob |
| | | | | | with GLOB_TILDE |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-8984 | | | | glibc: potential denial of |
| | | | | | service in internal_fnmatch() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-8982 | | | | glibc: multiple overflows in |
| | | | | | strxfrm() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-8985 | | | | glibc: potential denial of |
| | | | | | service in pop_fail_stack() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-8983 | | | | glibc: _IO_wstr_overflow |
| | | | | | integer overflow |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2009-5155 | | | | glibc: parse_reg_exp in |
| | | | | | posix/regcomp.c misparses |
| | | | | | alternatives leading to denial |
| | | | | | of service or... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-10228 | | | | glibc: iconv program can |
| | | | | | hang when invoked with the -c |
| | | | | | option |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-1234 | | | | glibc: Stack-based buffer |
| | | | | | overflow in glob with |
| | | | | | GLOB_ALTDIRFUNC and crafted |
| | | | | | directory |
+-----------------------------+------------------+----------+ +--------------------+--------------------------------------------------------------+
| glibc-common | CVE-2016-4429 | HIGH | | | glibc: libtirpc: stack |
| | | | | | (frame) overflow in Sun RPC |
| | | | | | clntudp_call() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-1010022 | | | | glibc: stack guard protection |
| | | | | | bypass |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-4043 | | | | glibc: |
| | | | | | posix_spawn_file_actions_addopen |
| | | | | | fails to copy the path argument |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-9169 | | | | glibc: regular-expression |
| | | | | | match via proceed_next_node |
| | | | | | in posix/regexec.c leads to |
| | | | | | heap-based buffer over-read... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-8804 | | | | glibc: memory leak in sunrpc |
| | | | | | when decoding malformed XDR |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2015-8982 | MEDIUM | | | glibc: multiple overflows in |
| | | | | | strxfrm() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-10739 | | | 2.17-292.el7 | glibc: getaddrinfo should |
| | | | | | reject IP addresses with |
| | | | | | trailing characters |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-8983 | | | | glibc: _IO_wstr_overflow |
| | | | | | integer overflow |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-8985 | | | | glibc: potential denial of |
| | | | | | service in pop_fail_stack() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-8984 | | | | glibc: potential denial of |
| | | | | | service in internal_fnmatch() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-1234 | | | | glibc: Stack-based buffer |
| | | | | | overflow in glob with |
| | | | | | GLOB_ALTDIRFUNC and crafted |
| | | | | | directory |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2009-5155 | | | | glibc: parse_reg_exp in |
| | | | | | posix/regcomp.c misparses |
| | | | | | alternatives leading to denial |
| | | | | | of service or... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-15671 | | | | glibc: Memory leak in glob |
| | | | | | with GLOB_TILDE |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-10228 | | | | glibc: iconv program can |
| | | | | | hang when invoked with the -c |
| | | | | | option |
+-----------------------------+------------------+ +-----------------------+--------------------+--------------------------------------------------------------+
| gnupg2 | CVE-2018-9234 | | 2.0.22-5.el7_5 | | GnuPG: Unenforced |
| | | | | | configuration allows |
| | | | | | for apparently valid |
| | | | | | certifications actually signed |
| | | | | | by signing... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-13050 | | | | GnuPG: interaction between the |
| | | | | | sks-keyserver code and GnuPG |
| | | | | | allows for a Certificate... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-4617 | | | | gnupg: infinite loop when |
| | | | | | decompressing data packets |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2014-3591 | LOW | | | libgcrypt: use ciphertext |
| | | | | | blinding for Elgamal |
| | | | | | decryption (new side-channel |
| | | | | | attack) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-0837 | | | | libgcrypt: last-level cache |
| | | | | | side-channel attack |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-1606 | | | | gnupg2: invalid memory read |
| | | | | | using a garbled keyring |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-1607 | | | | gnupg2: memcpy with |
| | | | | | overlapping ranges |
| | | | | | (keybox_search.c) |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| gpgme | CVE-2014-3564 | MEDIUM | 1.3.2-5.el7 | | gpgme: heap-based buffer |
| | | | | | overflow in gpgsm status |
| | | | | | handler |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| krb5-libs | CVE-2017-11462 | HIGH | 1.15.1-37.el7_6 | | krb5: Automatic sec context |
| | | | | | deletion could lead to |
| | | | | | double-free |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-2695 | | | | krb5: SPNEGO context aliasing |
| | | | | | bugs |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-15088 | | | | krb5: Buffer overflow in |
| | | | | | get_matching_data() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-2696 | | | | krb5: IAKERB context aliasing |
| | | | | | flaw |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2018-5709 | MEDIUM | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-2697 | | | | krb5: build_principal() memory |
| | | | | | flaw |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-5710 | | | | krb5: null pointer deference |
| | | | | | in strlen function in |
| | | | | | plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2014-5351 | LOW | | | krb5: current keys returned |
| | | | | | when randomizing the keys for |
| | | | | | a service principal... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-20217 | | | | krb5: Reachable assertion |
| | | | | | in the KDC using S4U2Self |
| | | | | | requests |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| libblkid | CVE-2016-2779 | HIGH | 2.23.2-59.el7_6.1 | | util-linux: runuser tty hijack |
| | | | | | via TIOCSTI ioctl |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-9114 | | | | util-linux: command injection |
| | | | | | flaw in blkid |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2015-5218 | LOW | | | colcrt: global-buffer-overflow |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| libcom_err | CVE-2015-1572 | MEDIUM | 1.42.9-13.el7 | | e2fsprogs: potential buffer |
| | | | | | overflow in closefs() |
| | | | | | (incomplete CVE-2015-0247 fix) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-0247 | | | | e2fsprogs: ext2fs_open2() |
| | | | | | missing first_meta_bg boundary |
| | | | | | check leading to heap buffer |
| | | | | | overflow (oCERT-015-002)... |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| libcurl | CVE-2016-8618 | HIGH | 7.29.0-51.el7_6.3 | | curl: Double-free in |
| | | | | | curl_maprintf |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-8622 | | | | curl: URL unescape heap |
| | | | | | overflow via integer |
| | | | | | truncation |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-8619 | | | | curl: Double-free in krb5 code |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-5482 | | | | curl: heap buffer overflow in |
| | | | | | function tftp_receive_packet() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-8817 | | | | curl: FTP wildcard out of |
| | | | | | bounds read |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2016-8625 | MEDIUM | | | curl: IDNA 2003 makes curl use |
| | | | | | wrong host |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-8623 | | | | curl: Use-after-free via |
| | | | | | shared cookies |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-1000100 | | | | curl: TFTP sends more than |
| | | | | | buffer size |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-3153 | | | | curl: sensitive HTTP server |
| | | | | | headers also sent to proxies |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-1000254 | | | | curl: FTP PWD response parser |
| | | | | | out of bounds read |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-5436 | | | | curl: TFTP receive |
| | | | | | heap buffer overflow in |
| | | | | | tftp_receive_packet() function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-8621 | | | | curl: curl_getdate |
| | | | | | out-of-bounds read |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-9586 | | | | curl: printf floating point |
| | | | | | buffer overflow |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-0755 | | | | curl: NTLM credentials |
| | | | | | not-checked for proxy |
| | | | | | connection re-use |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-16842 | | | 7.29.0-54.el7 | curl: Heap-based buffer |
| | | | | | over-read in the curl tool |
| | | | | | warning formatting |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-8617 | | | | curl: Out-of-bounds write via |
| | | | | | unchecked multiplication |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-8615 | | | | curl: Cookie injection for |
| | | | | | other servers |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-8624 | | | | curl: Invalid URL parsing with |
| | | | | | '#' |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-8616 | | | | curl: Case insensitive |
| | | | | | password comparison |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-7407 | LOW | | | curl: --write-out out of |
| | | | | | bounds read |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-20483 | | | | wget: Information exposure in |
| | | | | | set_file_metadata function in |
| | | | | | xattr.c |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| libdb | CVE-2017-10140 | MEDIUM | 5.3.21-24.el7 | | libdb: Reads DB_CONFIG from |
| | | | | | the current working directory |
+-----------------------------+ + + +--------------------+ +
| libdb-utils | | | | | |
| | | | | | |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| libgcc | CVE-2014-5044 | HIGH | 4.8.5-36.el7_6.2 | | gcc: integer overflow flaws in |
| | | | | | libgfortran |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2016-6131 | MEDIUM | | | gcc,gdb,binutils,libitm: Stack |
| | | | | | overflow vulnerability in |
| | | | | | libiberty demangler |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4487 | | | | gcc: Invalid write due to |
| | | | | | a use-after-free to array |
| | | | | | btypevec |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-5276 | | | | gcc: Predictable randomness |
| | | | | | from std::random_device |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4489 | | | | gcc: Invalid write due to |
| | | | | | integer overflow |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4490 | | | | gcc: Write access violation |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4488 | | | | gcc: Invalid write due to |
| | | | | | a use-after-free to array |
| | | | | | ktypevec |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-20657 | | | | libiberty: Memory leak in |
| | | | | | demangle_template function |
| | | | | | resulting in a denial of |
| | | | | | service... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4493 | | | | gcc: Read access violations |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-20673 | | | | libiberty: Integer overflow in |
| | | | | | demangle_template() function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4492 | | | | gcc: Read access violations |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4491 | | | | gcc: Stack overflow due |
| | | | | | to infinite recursion in |
| | | | | | d_print_comp |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-2226 | | | | gcc: Exploitable buffer |
| | | | | | overflow |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-14250 | | | | binutils: integer overflow in |
| | | | | | simple-object-elf.c leads to a |
| | | | | | heap-based buffer overflow |
+-----------------------------+------------------+ +-----------------------+--------------------+--------------------------------------------------------------+
| libgcrypt | CVE-2017-7526 | | 1.5.3-14.el7 | | libgcrypt: Use of |
| | | | | | left-to-right sliding window |
| | | | | | method allows full RSA key |
| | | | | | recovery... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-12904 | | | | Libgcrypt: physical addresses |
| | | | | | being available to other |
| | | | | | processes leads to a |
| | | | | | flush-and-reload... |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2014-3591 | LOW | | | libgcrypt: use ciphertext |
| | | | | | blinding for Elgamal |
| | | | | | decryption (new side-channel |
| | | | | | attack) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-0837 | | | | libgcrypt: last-level cache |
| | | | | | side-channel attack |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-5270 | | | | libgcrypt: ELGAMAL |
| | | | | | side-channel attack |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| libidn | CVE-2017-14062 | HIGH | 1.28-4.el7 | | libidn2: Integer overflow in |
| | | | | | puny_decode.c/decode_digit |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-2059 | | | | libidn: out-of-bounds read |
| | | | | | with stringprep on invalid |
| | | | | | UTF-8 |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2016-6263 | MEDIUM | | | libidn: Crash when given |
| | | | | | invalid UTF-8 data on input |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-6262 | | | | libidn: Out-of-bounds read |
| | | | | | when reading zero byte as |
| | | | | | input |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-8948 | | | | libidn: Out-of-bounds read |
| | | | | | due to use of fgets with |
| | | | | | fixed-size buffer |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-6261 | | | | libidn: Out of bounds stack |
| | | | | | read in idna_to_ascii_4i |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| libmount | CVE-2014-9114 | HIGH | 2.23.2-59.el7_6.1 | | util-linux: command injection |
| | | | | | flaw in blkid |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-2779 | | | | util-linux: runuser tty hijack |
| | | | | | via TIOCSTI ioctl |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2015-5218 | LOW | | | colcrt: global-buffer-overflow |
+-----------------------------+------------------+----------+ +--------------------+--------------------------------------------------------------+
| libsmartcols | CVE-2016-2779 | HIGH | | | util-linux: runuser tty hijack |
| | | | | | via TIOCSTI ioctl |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-9114 | | | | util-linux: command injection |
| | | | | | flaw in blkid |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2015-5218 | LOW | | | colcrt: global-buffer-overflow |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| libssh2 | CVE-2019-3861 | MEDIUM | 1.4.3-12.el7_6.3 | 1.8.0-3.el7 | libssh2: Out-of-bounds reads |
| | | | | | with specially crafted SSH |
| | | | | | packets |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-3860 | | | | libssh2: Out-of-bounds reads |
| | | | | | with specially crafted SFTP |
| | | | | | packets |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-13115 | | | | libssh2: integer overflow in |
| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange |
| | | | | | in kex.c leads to out-of-bounds write |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-3859 | | | | libssh2: Unchecked use of |
| | | | | | _libssh2_packet_require and |
| | | | | | _libssh2_packet_requirev |
| | | | | | resulting in out-of-bounds |
| | | | | | read |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-3858 | | | 1.8.0-3.el7 | libssh2: Zero-byte allocation |
| | | | | | with a specially crafted SFTP |
| | | | | | packed leading to an... |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| libstdc++ | CVE-2014-5044 | HIGH | 4.8.5-36.el7_6.2 | | gcc: integer overflow flaws in |
| | | | | | libgfortran |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2015-5276 | MEDIUM | | | gcc: Predictable randomness |
| | | | | | from std::random_device |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4488 | | | | gcc: Invalid write due to |
| | | | | | a use-after-free to array |
| | | | | | ktypevec |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-6131 | | | | gcc,gdb,binutils,libitm: Stack |
| | | | | | overflow vulnerability in |
| | | | | | libiberty demangler |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4487 | | | | gcc: Invalid write due to |
| | | | | | a use-after-free to array |
| | | | | | btypevec |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4492 | | | | gcc: Read access violations |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4489 | | | | gcc: Invalid write due to |
| | | | | | integer overflow |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-2226 | | | | gcc: Exploitable buffer |
| | | | | | overflow |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-20657 | | | | libiberty: Memory leak in |
| | | | | | demangle_template function |
| | | | | | resulting in a denial of |
| | | | | | service... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4493 | | | | gcc: Read access violations |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-14250 | | | | binutils: integer overflow in |
| | | | | | simple-object-elf.c leads to a |
| | | | | | heap-based buffer overflow |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4490 | | | | gcc: Write access violation |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-20673 | | | | libiberty: Integer overflow in |
| | | | | | demangle_template() function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4491 | | | | gcc: Stack overflow due |
| | | | | | to infinite recursion in |
| | | | | | d_print_comp |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| libtasn1 | CVE-2018-1000654 | HIGH | 4.10-1.el7 | | libtasn1: Infinite loop in |
| | | | | | _asn1_expand_object_id(ptree) |
| | | | | | leads to memory exhaustion |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-10790 | MEDIUM | | | libtasn1: NULL pointer |
| | | | | | dereference in the |
| | | | | | _asn1_check_identifier |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4008 | | | | libtasn1: infinite loop while |
| | | | | | parsing DER certificates |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-6003 | | | | libtasn1: Stack exhaustion due |
| | | | | | to indefinite recursion during |
| | | | | | BER decoding |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-6891 | | | | libtasn1: Stack-based buffer |
| | | | | | overflow in asn1_find_node() |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| libuuid | CVE-2016-2779 | HIGH | 2.23.2-59.el7_6.1 | | util-linux: runuser tty hijack |
| | | | | | via TIOCSTI ioctl |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-9114 | | | | util-linux: command injection |
| | | | | | flaw in blkid |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2015-5218 | LOW | | | colcrt: global-buffer-overflow |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| libxml2 | CVE-2016-4658 | CRITICAL | 2.9.1-6.el7_2.3 | | libxml2: Use after free via |
| | | | | | namespace node in XPointer |
| | | | | | ranges |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-7375 | HIGH | | | libxml2: Missing validation |
| | | | | | for external entities in |
| | | | | | xmlParsePEReference |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-16931 | | | | libxml2: Mishandling |
| | | | | | parameter-entity references |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-8872 | MEDIUM | | | libxml2: Out-of-bounds read in |
| | | | | | htmlParseTryOrFinish |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9047 | | | | libxml2: Buffer |
| | | | | | overflow in function |
| | | | | | xmlSnprintfElementContent |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-2073 | | | | libxml2: out-of-bounds read in |
| | | | | | htmlParseNameComplex() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-14567 | | | | libxml2: Infinite loop when |
| | | | | | --with-lzma is used allows for |
| | | | | | denial of service... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-18258 | | | | libxml2: denial of service in |
| | | | | | xz_head function in xzlib.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-14404 | | | | libxml2: NULL pointer |
| | | | | | dereference in |
| | | | | | xpath.c:xmlXPathCompOpEval() |
| | | | | | can allow attackers to cause |
| | | | | | a... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-5131 | | | | libxml2: use after free |
| | | | | | triggered by XPointer paths |
| | | | | | beginning with range-to |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-16932 | | | | libxml2: Infinite recursion in |
| | | | | | parameter entities |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-15412 | | | | chromium-browser: use after |
| | | | | | free in libxml |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-8806 | | | | libxml2: heap-buffer overread |
| | | | | | in dict.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9049 | | | | libxml2: Heap-based buffer |
| | | | | | over-read in function |
| | | | | | xmlDictComputeFastKey |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4483 | | | | libxml2: out-of-bounds read |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9048 | | | | libxml2: Stack-based |
| | | | | | buffer overflow in function |
| | | | | | xmlSnprintfElementContent |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9050 | | | | libxml2: Heap-based buffer |
| | | | | | over-read in function |
| | | | | | xmlDictAddString |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-0663 | | | | libxml2: Heap buffer overflow |
| | | | | | in xmlAddID |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-9318 | | | | libxml2: XML External Entity |
| | | | | | vulnerability |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2015-8035 | LOW | | | libxml2: DoS when parsing |
| | | | | | specially crafted XML document |
| | | | | | if XZ support is... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-5969 | | | | libxml2: Null pointer |
| | | | | | dereference in xmlSaveDoc |
| | | | | | implementation |
+-----------------------------+------------------+----------+ +--------------------+--------------------------------------------------------------+
| libxml2-python | CVE-2016-4658 | CRITICAL | | | libxml2: Use after free via |
| | | | | | namespace node in XPointer |
| | | | | | ranges |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-7375 | HIGH | | | libxml2: Missing validation |
| | | | | | for external entities in |
| | | | | | xmlParsePEReference |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-16931 | | | | libxml2: Mishandling |
| | | | | | parameter-entity references |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-15412 | MEDIUM | | | chromium-browser: use after |
| | | | | | free in libxml |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-18258 | | | | libxml2: denial of service in |
| | | | | | xz_head function in xzlib.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-14404 | | | | libxml2: NULL pointer |
| | | | | | dereference in |
| | | | | | xpath.c:xmlXPathCompOpEval() |
| | | | | | can allow attackers to cause |
| | | | | | a... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-0663 | | | | libxml2: Heap buffer overflow |
| | | | | | in xmlAddID |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4483 | | | | libxml2: out-of-bounds read |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-8806 | | | | libxml2: heap-buffer overread |
| | | | | | in dict.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9048 | | | | libxml2: Stack-based |
| | | | | | buffer overflow in function |
| | | | | | xmlSnprintfElementContent |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-16932 | | | | libxml2: Infinite recursion in |
| | | | | | parameter entities |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9049 | | | | libxml2: Heap-based buffer |
| | | | | | over-read in function |
| | | | | | xmlDictComputeFastKey |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9047 | | | | libxml2: Buffer |
| | | | | | overflow in function |
| | | | | | xmlSnprintfElementContent |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-14567 | | | | libxml2: Infinite loop when |
| | | | | | --with-lzma is used allows for |
| | | | | | denial of service... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-5131 | | | | libxml2: use after free |
| | | | | | triggered by XPointer paths |
| | | | | | beginning with range-to |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-9050 | | | | libxml2: Heap-based buffer |
| | | | | | over-read in function |
| | | | | | xmlDictAddString |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-2073 | | | | libxml2: out-of-bounds read in |
| | | | | | htmlParseNameComplex() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-9318 | | | | libxml2: XML External Entity |
| | | | | | vulnerability |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-8872 | | | | libxml2: Out-of-bounds read in |
| | | | | | htmlParseTryOrFinish |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2015-8035 | LOW | | | libxml2: DoS when parsing |
| | | | | | specially crafted XML document |
| | | | | | if XZ support is... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-5969 | | | | libxml2: Null pointer |
| | | | | | dereference in xmlSaveDoc |
| | | | | | implementation |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| lua | CVE-2014-5461 | MEDIUM | 5.1.4-15.el7 | | lua: overflow flaw in vararg |
| | | | | | functions |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| ncurses | CVE-2017-10684 | HIGH | 5.9-14.20130511.el7_4 | | ncurses: Stack-based buffer |
| | | | | | overflow in fmt_entry function |
| | | | | | in dump_entry.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-10685 | | | | ncurses: Stack-based buffer |
| | | | | | overflow caused by format |
| | | | | | string vulnerability in |
| | | | | | fmt_entry function... |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-11112 | MEDIUM | | | ncurses: Illegal address |
| | | | | | access in append_acs function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-19217 | | | | ncurses: Null pointer |
| | | | | | dereference at function |
| | | | | | _nc_name_match |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13728 | | | | ncurses: Infinite loop in the |
| | | | | | next_char function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-16879 | | | | ncurses: Stack-based |
| | | | | | buffer overflow in the |
| | | | | | _nc_write_entry function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13731 | | | | ncurses: Illegal address |
| | | | | | access in the function |
| | | | | | postprocess_termcap() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-11113 | | | | ncurses: Null pointer |
| | | | | | dereference vulnerability in |
| | | | | | _nc_parse_entry function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13734 | | | | ncurses: Illegal address |
| | | | | | access in the function |
| | | | | | _nc_safe_strcat |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-19211 | | | | ncurses: Null pointer |
| | | | | | dereference at function |
| | | | | | _nc_parse_entry in |
| | | | | | parse_entry.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13732 | | | | ncurses: Illegal address |
| | | | | | access in the function |
| | | | | | dump_uses() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13730 | | | | ncurses: Illegal address |
| | | | | | access in the function |
| | | | | | _nc_read_entry_source() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13733 | | | | ncurses: Illegal address |
| | | | | | access in the function |
| | | | | | fmt_entry |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13729 | | | | ncurses: Illegal address |
| | | | | | access in the _nc_save_str |
| | | | | | function |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2018-10754 | LOW | | | ncurses: NULL Pointer |
| | | | | | Dereference in |
| | | | | | _nc_parse_entry function in |
| | | | | | tinfo/parse_entry.c. |
+-----------------------------+------------------+----------+ +--------------------+--------------------------------------------------------------+
| ncurses-base | CVE-2017-10685 | HIGH | | | ncurses: Stack-based buffer |
| | | | | | overflow caused by format |
| | | | | | string vulnerability in |
| | | | | | fmt_entry function... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-10684 | | | | ncurses: Stack-based buffer |
| | | | | | overflow in fmt_entry function |
| | | | | | in dump_entry.c |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-13733 | MEDIUM | | | ncurses: Illegal address |
| | | | | | access in the function |
| | | | | | fmt_entry |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13729 | | | | ncurses: Illegal address |
| | | | | | access in the _nc_save_str |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-16879 | | | | ncurses: Stack-based |
| | | | | | buffer overflow in the |
| | | | | | _nc_write_entry function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13730 | | | | ncurses: Illegal address |
| | | | | | access in the function |
| | | | | | _nc_read_entry_source() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13734 | | | | ncurses: Illegal address |
| | | | | | access in the function |
| | | | | | _nc_safe_strcat |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-11113 | | | | ncurses: Null pointer |
| | | | | | dereference vulnerability in |
| | | | | | _nc_parse_entry function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13728 | | | | ncurses: Infinite loop in the |
| | | | | | next_char function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13731 | | | | ncurses: Illegal address |
| | | | | | access in the function |
| | | | | | postprocess_termcap() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13732 | | | | ncurses: Illegal address |
| | | | | | access in the function |
| | | | | | dump_uses() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-19217 | | | | ncurses: Null pointer |
| | | | | | dereference at function |
| | | | | | _nc_name_match |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-11112 | | | | ncurses: Illegal address |
| | | | | | access in append_acs function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-19211 | | | | ncurses: Null pointer |
| | | | | | dereference at function |
| | | | | | _nc_parse_entry in |
| | | | | | parse_entry.c |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2018-10754 | LOW | | | ncurses: NULL Pointer |
| | | | | | Dereference in |
| | | | | | _nc_parse_entry function in |
| | | | | | tinfo/parse_entry.c. |
+-----------------------------+------------------+----------+ +--------------------+--------------------------------------------------------------+
| ncurses-libs | CVE-2017-10684 | HIGH | | | ncurses: Stack-based buffer |
| | | | | | overflow in fmt_entry function |
| | | | | | in dump_entry.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-10685 | | | | ncurses: Stack-based buffer |
| | | | | | overflow caused by format |
| | | | | | string vulnerability in |
| | | | | | fmt_entry function... |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-11112 | MEDIUM | | | ncurses: Illegal address |
| | | | | | access in append_acs function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13733 | | | | ncurses: Illegal address |
| | | | | | access in the function |
| | | | | | fmt_entry |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13732 | | | | ncurses: Illegal address |
| | | | | | access in the function |
| | | | | | dump_uses() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-16879 | | | | ncurses: Stack-based |
| | | | | | buffer overflow in the |
| | | | | | _nc_write_entry function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13734 | | | | ncurses: Illegal address |
| | | | | | access in the function |
| | | | | | _nc_safe_strcat |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13731 | | | | ncurses: Illegal address |
| | | | | | access in the function |
| | | | | | postprocess_termcap() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-11113 | | | | ncurses: Null pointer |
| | | | | | dereference vulnerability in |
| | | | | | _nc_parse_entry function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13730 | | | | ncurses: Illegal address |
| | | | | | access in the function |
| | | | | | _nc_read_entry_source() |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13729 | | | | ncurses: Illegal address |
| | | | | | access in the _nc_save_str |
| | | | | | function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-19217 | | | | ncurses: Null pointer |
| | | | | | dereference at function |
| | | | | | _nc_name_match |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-19211 | | | | ncurses: Null pointer |
| | | | | | dereference at function |
| | | | | | _nc_parse_entry in |
| | | | | | parse_entry.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-13728 | | | | ncurses: Infinite loop in the |
| | | | | | next_char function |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2018-10754 | LOW | | | ncurses: NULL Pointer |
| | | | | | Dereference in |
| | | | | | _nc_parse_entry function in |
| | | | | | tinfo/parse_entry.c. |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| nspr | CVE-2016-1951 | HIGH | 4.19.0-1.el7_5 | | nspr: Memory allocation |
| | | | | | issue related to PR_*printf |
| | | | | | functions |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| nss | CVE-2014-3566 | MEDIUM | 3.36.0-7.1.el7_6 | | SSL/TLS: Padding Oracle On |
| | | | | | Downgraded Legacy Encryption |
| | | | | | attack |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-2183 | | | | SSL/TLS: Birthday attack |
| | | | | | against 64-bit block ciphers |
| | | | | | (SWEET32) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-2808 | | | | SSL/TLS: "Invariance Weakness" |
| | | | | | vulnerability in RC4 stream |
| | | | | | cipher |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-9074 | | | | nss: Insufficient timing |
| | | | | | side-channel resistance in |
| | | | | | divSpoiler |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-12404 | | | 3.44.0-4.el7 | nss: Cache side-channel |
| | | | | | variant of the Bleichenbacher |
| | | | | | attack |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-18508 | | | | nss: NULL pointer dereference |
| | | | | | in several CMS functions |
| | | | | | resulting in a denial... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-9574 | | | | nss: Remote DoS during |
| | | | | | session handshake when using |
| | | | | | SessionTicket extention and |
| | | | | | ECDHE-ECDSA... |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2018-0495 | LOW | | 3.44.0-4.el7 | ROHNP: Key Extraction Side |
| | | | | | Channel in Multiple Crypto |
| | | | | | Libraries |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| nss-softokn | CVE-2015-2613 | MEDIUM | 3.36.0-5.el7_5 | | NSS / JCE: missing EC |
| | | | | | parameter validation in |
| | | | | | ECDH_Derive() (OpenJDK JCE, |
| | | | | | 8075833)... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-1938 | | | | Mozilla NSS: Errors in mp_div |
| | | | | | and mp_exptmod cryptographic |
| | | | | | functions |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7781 | | | | Mozilla: Elliptic curve |
| | | | | | point addition error when |
| | | | | | using mixed Jacobian-affine |
| | | | | | coordinates (MFSA... |
+-----------------------------+------------------+ + +--------------------+--------------------------------------------------------------+
| nss-softokn-freebl | CVE-2016-1938 | | | | Mozilla NSS: Errors in mp_div |
| | | | | | and mp_exptmod cryptographic |
| | | | | | functions |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-2613 | | | | NSS / JCE: missing EC |
| | | | | | parameter validation in |
| | | | | | ECDH_Derive() (OpenJDK JCE, |
| | | | | | 8075833)... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7781 | | | | Mozilla: Elliptic curve |
| | | | | | point addition error when |
| | | | | | using mixed Jacobian-affine |
| | | | | | coordinates (MFSA... |
+-----------------------------+------------------+ +-----------------------+--------------------+--------------------------------------------------------------+
| nss-sysinit | CVE-2015-2808 | | 3.36.0-7.1.el7_6 | | SSL/TLS: "Invariance Weakness" |
| | | | | | vulnerability in RC4 stream |
| | | | | | cipher |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-12404 | | | 3.44.0-4.el7 | nss: Cache side-channel |
| | | | | | variant of the Bleichenbacher |
| | | | | | attack |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-9574 | | | | nss: Remote DoS during |
| | | | | | session handshake when using |
| | | | | | SessionTicket extention and |
| | | | | | ECDHE-ECDSA... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-2183 | | | | SSL/TLS: Birthday attack |
| | | | | | against 64-bit block ciphers |
| | | | | | (SWEET32) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-3566 | | | | SSL/TLS: Padding Oracle On |
| | | | | | Downgraded Legacy Encryption |
| | | | | | attack |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-18508 | | | | nss: NULL pointer dereference |
| | | | | | in several CMS functions |
| | | | | | resulting in a denial... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-9074 | | | | nss: Insufficient timing |
| | | | | | side-channel resistance in |
| | | | | | divSpoiler |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2018-0495 | LOW | | 3.44.0-4.el7 | ROHNP: Key Extraction Side |
| | | | | | Channel in Multiple Crypto |
| | | | | | Libraries |
+-----------------------------+------------------+----------+ + +--------------------------------------------------------------+
| nss-tools | CVE-2018-12404 | MEDIUM | | | nss: Cache side-channel |
| | | | | | variant of the Bleichenbacher |
| | | | | | attack |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-2183 | | | | SSL/TLS: Birthday attack |
| | | | | | against 64-bit block ciphers |
| | | | | | (SWEET32) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-3566 | | | | SSL/TLS: Padding Oracle On |
| | | | | | Downgraded Legacy Encryption |
| | | | | | attack |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-18508 | | | | nss: NULL pointer dereference |
| | | | | | in several CMS functions |
| | | | | | resulting in a denial... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-9074 | | | | nss: Insufficient timing |
| | | | | | side-channel resistance in |
| | | | | | divSpoiler |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-2808 | | | | SSL/TLS: "Invariance Weakness" |
| | | | | | vulnerability in RC4 stream |
| | | | | | cipher |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-9574 | | | | nss: Remote DoS during |
| | | | | | session handshake when using |
| | | | | | SessionTicket extention and |
| | | | | | ECDHE-ECDSA... |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2018-0495 | LOW | | 3.44.0-4.el7 | ROHNP: Key Extraction Side |
| | | | | | Channel in Multiple Crypto |
| | | | | | Libraries |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| openldap | CVE-2019-13565 | MEDIUM | 2.4.44-21.el7_6 | | openldap: ACL restrictions |
| | | | | | bypass due to sasl_ssf value |
| | | | | | being set permanently |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-1546 | | | | openldap: slapd crash in |
| | | | | | valueReturnFilter cleanup |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-14159 | LOW | | | openldap: Privilege escalation |
| | | | | | via PID file manipulation |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-13057 | | | | openldap: Information |
| | | | | | disclosure issue in slapd |
| | | | | | component |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-4984 | | | | openldap-servers: |
| | | | | | /usr/libexec/openldap/generate-server-cert.sh |
| | | | | | create world readable password file |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| openssl-libs | CVE-2018-0735 | MEDIUM | 1:1.0.2k-16.el7_6.1 | | openssl: timing side channel |
| | | | | | attack in ECDSA signature |
| | | | | | generation |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-1563 | | | | openssl: information |
| | | | | | disclosure in PKCS7_dataDecode |
| | | | | | and CMS_decrypt_set1_pkey |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-3566 | | | | SSL/TLS: Padding Oracle On |
| | | | | | Downgraded Legacy Encryption |
| | | | | | attack |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-2808 | | | | SSL/TLS: "Invariance Weakness" |
| | | | | | vulnerability in RC4 stream |
| | | | | | cipher |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-1559 | | | 1:1.0.2k-19.el7 | openssl: 0-byte record padding |
| | | | | | oracle |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-2183 | | | | SSL/TLS: Birthday attack |
| | | | | | against 64-bit block ciphers |
| | | | | | (SWEET32) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-0734 | | | 1:1.0.2k-19.el7 | openssl: timing side channel |
| | | | | | attack in the DSA signature |
| | | | | | algorithm |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2019-1547 | LOW | | | openssl: side-channel weak |
| | | | | | encryption vulnerability |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| pcre | CVE-2015-8394 | HIGH | 8.32-17.el7 | | pcre: Integer overflow caused |
| | | | | | by missing check for certain |
| | | | | | conditions (8.38/31) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-11164 | | | | pcre: OP_KETRMAX feature |
| | | | | | in the match function in |
| | | | | | pcre_exec.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-8380 | | | | pcre: OOB write when |
| | | | | | pcre_exec() is called with |
| | | | | | ovecsize of 1 (8.38/10)... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-8390 | | | | pcre: uninitialized memory |
| | | | | | read triggered by malformed |
| | | | | | posix character class |
| | | | | | (8.38/22) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-8387 | | | | pcre: Integer overflow in |
| | | | | | subroutine calls (8.38/8) |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2015-8393 | MEDIUM | | | pcre: pcregrep -q is not |
| | | | | | always quiet (8.38/28) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7246 | | | | pcre: stack-based |
| | | | | | buffer overflow write in |
| | | | | | pcre32_copy_substring |
+ +------------------+ + +--------------------+ +
| | CVE-2017-7245 | | | | |
| | | | | | |
| | | | | | |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7244 | | | | pcre: invalid memory read in |
| | | | | | _pcre32_xclass (pcre_xclass.c) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7186 | | | | pcre: Invalid Unicode property |
| | | | | | lookup (8.41/7, 10.24/2) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2015-8382 | | | | php: Regular Expression |
| | | | | | Uninitialized Pointer |
| | | | | | Information Disclosure |
| | | | | | Vulnerability (ZDI-CAN-2547) |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-6004 | | | | pcre: Out-of-bounds read in |
| | | | | | compile_bracket_matchingpath |
| | | | | | function (8.41/3) |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-16231 | LOW | | | pcre: self-recursive call in |
| | | | | | match() in pcre_exec.c leads |
| | | | | | to denial of service... |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| procps-ng | CVE-2018-1121 | MEDIUM | 3.3.10-23.el7 | | procps-ng, procps: process |
| | | | | | hiding through race condition |
| | | | | | enumerating /proc |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-1125 | | | | procps-ng, procps: stack |
| | | | | | buffer overflow in pgrep |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-1122 | | | 3.3.10-26.el7 | procps-ng, procps: Local |
| | | | | | privilege escalation in top |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-1123 | | | | procps-ng, procps: denial of |
| | | | | | service in ps via mmap buffer |
| | | | | | overflow |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| python | CVE-2017-1000158 | HIGH | 2.7.5-80.el7_6 | | python: Integer overflow in |
| | | | | | PyString_DecodeEscape results |
| | | | | | in heap-base buffer overflow |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-5010 | | | 2.7.5-86.el7 | python: NULL pointer |
| | | | | | dereference using a specially |
| | | | | | crafted X509 certificate |
+ +------------------+----------+ + +--------------------------------------------------------------+
| | CVE-2019-9947 | MEDIUM | | | python: CRLF injection via the |
| | | | | | path part of the url passed |
| | | | | | to... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-16056 | | | | python: email.utils.parseaddr |
| | | | | | wrongly parses email addresses |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-9740 | | | 2.7.5-86.el7 | python: CRLF injection via the |
| | | | | | query part of the url passed |
| | | | | | to... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-20852 | | | | python: cookie domain check |
| | | | | | returns incorrect results |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-9948 | | | 2.7.5-86.el7 | python: Undocumented |
| | | | | | local_file protocol allows |
| | | | | | remote attackers to bypass |
| | | | | | protection mechanisms |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2013-1665 | | | | Python xml bindings: External |
| | | | | | entity expansion in Python |
| | | | | | XML libraries inflicts |
| | | | | | potential... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-14647 | | | 2.7.5-86.el7 | python: Missing salt |
| | | | | | initialization in |
| | | | | | _elementtree.c module |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2013-7040 | | | | python: hash secret can be |
| | | | | | recovered remotely |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-1000030 | | | | python: Heap-Buffer-Overflow |
| | | | | | and Heap-Use-After-Free in |
| | | | | | Objects/fileobject.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2013-1664 | | | | Python xml bindings: Internal |
| | | | | | entity expansion in Python XML |
| | | | | | libraries inflicts DoS... |
+-----------------------------+------------------+----------+ +--------------------+--------------------------------------------------------------+
| python-libs | CVE-2017-1000158 | HIGH | | | python: Integer overflow in |
| | | | | | PyString_DecodeEscape results |
| | | | | | in heap-base buffer overflow |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-5010 | | | 2.7.5-86.el7 | python: NULL pointer |
| | | | | | dereference using a specially |
| | | | | | crafted X509 certificate |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2013-1664 | MEDIUM | | | Python xml bindings: Internal |
| | | | | | entity expansion in Python XML |
| | | | | | libraries inflicts DoS... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-9948 | | | 2.7.5-86.el7 | python: Undocumented |
| | | | | | local_file protocol allows |
| | | | | | remote attackers to bypass |
| | | | | | protection mechanisms |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-1000030 | | | | python: Heap-Buffer-Overflow |
| | | | | | and Heap-Use-After-Free in |
| | | | | | Objects/fileobject.c |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-9740 | | | 2.7.5-86.el7 | python: CRLF injection via the |
| | | | | | query part of the url passed |
| | | | | | to... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-16056 | | | | python: email.utils.parseaddr |
| | | | | | wrongly parses email addresses |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-9947 | | | 2.7.5-86.el7 | python: CRLF injection via the |
| | | | | | path part of the url passed |
| | | | | | to... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-20852 | | | | python: cookie domain check |
| | | | | | returns incorrect results |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-14647 | | | 2.7.5-86.el7 | python: Missing salt |
| | | | | | initialization in |
| | | | | | _elementtree.c module |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2013-1665 | | | | Python xml bindings: External |
| | | | | | entity expansion in Python |
| | | | | | XML libraries inflicts |
| | | | | | potential... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2013-7040 | | | | python: hash secret can be |
| | | | | | recovered remotely |
+-----------------------------+------------------+ +-----------------------+--------------------+--------------------------------------------------------------+
| readline | CVE-2016-7091 | | 6.2-10.el7 | | sudo: Possible info leak via |
| | | | | | INPUTRC |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| rpm | CVE-2017-7500 | HIGH | 4.11.3-35.el7 | | rpm: Following symlinks to |
| | | | | | directories when installing |
| | | | | | packages allows privilege |
| | | | | | escalation |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-7501 | MEDIUM | | | rpm: Following symlinks to |
| | | | | | files when installing packages |
| | | | | | allows privilege escalation |
+-----------------------------+------------------+----------+ +--------------------+--------------------------------------------------------------+
| rpm-build-libs | CVE-2017-7500 | HIGH | | | rpm: Following symlinks to |
| | | | | | directories when installing |
| | | | | | packages allows privilege |
| | | | | | escalation |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-7501 | MEDIUM | | | rpm: Following symlinks to |
| | | | | | files when installing packages |
| | | | | | allows privilege escalation |
+-----------------------------+------------------+----------+ +--------------------+--------------------------------------------------------------+
| rpm-libs | CVE-2017-7500 | HIGH | | | rpm: Following symlinks to |
| | | | | | directories when installing |
| | | | | | packages allows privilege |
| | | | | | escalation |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-7501 | MEDIUM | | | rpm: Following symlinks to |
| | | | | | files when installing packages |
| | | | | | allows privilege escalation |
+-----------------------------+------------------+----------+ +--------------------+--------------------------------------------------------------+
| rpm-python | CVE-2017-7500 | HIGH | | | rpm: Following symlinks to |
| | | | | | directories when installing |
| | | | | | packages allows privilege |
| | | | | | escalation |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-7501 | MEDIUM | | | rpm: Following symlinks to |
| | | | | | files when installing packages |
| | | | | | allows privilege escalation |
+-----------------------------+------------------+ +-----------------------+--------------------+--------------------------------------------------------------+
| shadow-utils | CVE-2016-6252 | | 2:4.1.5.1-25.el7_6.1 | | shadow-utils: Incorrect |
| | | | | | integer handling results in |
| | | | | | LPE |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| sqlite | CVE-2015-7036 | HIGH | 3.7.17-8.el7 | | sqlite: arbitrary code |
| | | | | | execution on databases with |
| | | | | | malformed schema |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-10989 | | | | sqlite: Heap-buffer overflow |
| | | | | | in the getNodeSize function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-8457 | | | | sqlite3: heap out-of-bound |
| | | | | | read in function rtreenode() |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-13685 | MEDIUM | | | sqlite: Local DoS via |
| | | | | | dump_callback function |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-7000 | | | | chromium-browser: pointer |
| | | | | | disclosure in sqlite |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-15286 | | | | sqlite: NULL pointer |
| | | | | | dereference in tableColumnList |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-8740 | | | | sqlite: NULL pointer |
| | | | | | dereference with databases |
| | | | | | with schema corrupted with |
| | | | | | CREATE TABLE... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-5827 | | | | chromium-browser: |
| | | | | | out-of-bounds access in SQLite |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-6153 | | | | sqlite: Tempdir selection |
| | | | | | vulnerability |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| systemd | CVE-2018-15686 | CRITICAL | 219-62.el7_6.9 | 219-67.el7 | systemd: line splitting via |
| | | | | | fgets() allows for state |
| | | | | | injection during daemon-reexec |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2018-6954 | HIGH | | | systemd: Mishandled symlinks |
| | | | | | in systemd-tmpfiles allows |
| | | | | | local users to obtain |
| | | | | | ownership of... |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-18078 | MEDIUM | | | systemd: Unsafe handling of |
| | | | | | hard links allowing privilege |
| | | | | | escalation |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-3842 | | | | systemd: Spoofing of |
| | | | | | XDG_SEAT allows for actions |
| | | | | | to be checked against |
| | | | | | "allow_active"... |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2018-16866 | LOW | | 219-67.el7 | systemd: out-of-bounds read |
| | | | | | when parsing a crafted syslog |
| | | | | | message |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2013-4392 | | | | systemd: TOCTOU race condition |
| | | | | | when updating file permissions |
| | | | | | and SELinux security |
| | | | | | contexts... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-16888 | | | 219-67.el7 | systemd: kills privileged |
| | | | | | process if unprivileged |
| | | | | | PIDFile was tampered |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-6349 | | | | oci-register-machine: |
| | | | | | information exposure for |
| | | | | | docker containers |
+-----------------------------+------------------+----------+ +--------------------+--------------------------------------------------------------+
| systemd-libs | CVE-2018-15686 | CRITICAL | | 219-67.el7 | systemd: line splitting via |
| | | | | | fgets() allows for state |
| | | | | | injection during daemon-reexec |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2018-6954 | HIGH | | | systemd: Mishandled symlinks |
| | | | | | in systemd-tmpfiles allows |
| | | | | | local users to obtain |
| | | | | | ownership of... |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2019-3842 | MEDIUM | | | systemd: Spoofing of |
| | | | | | XDG_SEAT allows for actions |
| | | | | | to be checked against |
| | | | | | "allow_active"... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-18078 | | | | systemd: Unsafe handling of |
| | | | | | hard links allowing privilege |
| | | | | | escalation |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2018-16888 | LOW | | 219-67.el7 | systemd: kills privileged |
| | | | | | process if unprivileged |
| | | | | | PIDFile was tampered |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2016-6349 | | | | oci-register-machine: |
| | | | | | information exposure for |
| | | | | | docker containers |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2018-16866 | | | 219-67.el7 | systemd: out-of-bounds read |
| | | | | | when parsing a crafted syslog |
| | | | | | message |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2013-4392 | | | | systemd: TOCTOU race condition |
| | | | | | when updating file permissions |
| | | | | | and SELinux security |
| | | | | | contexts... |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| tar | CVE-2016-6321 | MEDIUM | 2:1.26-35.el7 | | tar: Bypassing the extract |
| | | | | | path name |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2019-9923 | | | | tar: null-pointer dereference |
| | | | | | in pax_decode_header in |
| | | | | | sparse.c |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2018-20482 | LOW | | | tar: Infinite read loop in |
| | | | | | sparse_dump_region function in |
| | | | | | sparse.c |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| util-linux | CVE-2016-2779 | HIGH | 2.23.2-59.el7_6.1 | | util-linux: runuser tty hijack |
| | | | | | via TIOCSTI ioctl |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2014-9114 | | | | util-linux: command injection |
| | | | | | flaw in blkid |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2015-5218 | LOW | | | colcrt: global-buffer-overflow |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
| vim-minimal | CVE-2017-6350 | HIGH | 2:7.4.160-6.el7_6 | | vim: Integer overflow at |
| | | | | | an unserialize_uep memory |
| | | | | | allocation site |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-5953 | | | | vim: Tree length values |
| | | | | | not validated properly when |
| | | | | | handling a spell file... |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-11109 | MEDIUM | | | vim: Use-after-free via |
| | | | | | crafted file |
+ +------------------+----------+ +--------------------+--------------------------------------------------------------+
| | CVE-2017-17087 | LOW | | | vim: Sets the group ownership |
| | | | | | of a .swp file to the |
| | | | | | editor's... |
+ +------------------+ + +--------------------+--------------------------------------------------------------+
| | CVE-2017-1000382 | | | | vim: Ignores umask when |
| | | | | | creating a swap file |
+-----------------------------+------------------+----------+-----------------------+--------------------+--------------------------------------------------------------+
脆弱性情報をパッと見られるのは便利
注意点
- インスタンスがt2.microだとスキャン実行時にout of memoryになった
→t2.smallだと動いた - gitもインストールしておく