frozenfox/tomcat

Region: us-east-2
Scan Summary
Critical vulnerabilities: 5
Malicious files: 1
Last scan: 1 year, 10 months ago
Type of scan: Prevasio CSPM
Scan duration: 5 minutes and 21 seconds

Image Details
Image URI: frozenfox/tomcat
Image tags: wolv
Digest:
Created: 6 years ago
Compressed size: 228.92 MB
Uncompressed size: 501.38 MB
OS/architecture: linux/amd64
OS distribution: centos 7.4.1708
Working directory:
ENTRYPOINT: /bin/sh -c /opt/apache-tomcat/bin/catalina.sh run
CMD:
User:
Ports: 8080/tcp, 8443/tcp, 9004/tcp
Volumes:
Environment variables:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/jdk1.7.0_80/bin:/opt/apache-tomcat/bin
JAVA_HOME=/opt/jdk1.7.0_80
CATALINA_HOME=/opt/apache-tomcat

| Filename | File Size | SHA 256 | Threat Name | Report |
| --- | --- | --- | --- | --- |
| /opt/apache-tomcat/bin/tomcat7w.exe | 447.47 kB | 082db3b37da8b1be66eb57d2ce512477493de356897ea638ab75364da3288f39 | Win.Adware.LoadMoney-3644756-1 | VirusTotal |

Overview
Critical: 5
High: 64
Medium: 258
Low: 115
Informational: 0

Vulnerabilities (442)
Severity Name Package VersionFixed inDescription Package:version
Critical CVE-2021-43527 nss 3.28.4-8.el73.67.0-4.el7_9nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) nss:3.28.4-8.el7
Critical CVE-2021-43527 nss-sysinit 3.28.4-8.el73.67.0-4.el7_9nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) nss-sysinit:3.28.4-8.el7
Critical CVE-2021-43527 nss-tools 3.28.4-8.el73.67.0-4.el7_9nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) nss-tools:3.28.4-8.el7
Critical CVE-2017-7657 org.eclipse.jetty:jetty-server 8.1.14.v201310319.2.25.v20180606, 9.3.24.v20180605jetty: HTTP request smuggling org.eclipse.jetty:jetty-server:8.1.14.v20131031
Critical CVE-2017-7658 org.eclipse.jetty:jetty-server 8.1.14.v201310319.2.26.v20180806, 9.3.24.v20180605, 9.4.11.v20180605jetty: Incorrect header handling org.eclipse.jetty:jetty-server:8.1.14.v20131031
High CVE-2017-3143 bind-license 32:9.9.4-50.el732:9.9.4-50.el7_3.1bind: An error in TSIG authentication can permit unauthorized dynamic updates bind-license:32:9.9.4-50.el7
High CVE-2017-3145 bind-license 32:9.9.4-50.el732:9.9.4-51.el7_4.2bind: Improper fetch cleanup sequencing in the resolver can cause named to crash bind-license:32:9.9.4-50.el7
High CVE-2018-5740 bind-license 32:9.9.4-50.el732:9.9.4-61.el7_5.1bind: processing of certain records when "deny-answer-aliases" is in use may trigger an assert leading to a denial of service bind-license:32:9.9.4-50.el7
High CVE-2018-5743 bind-license 32:9.9.4-50.el732:9.9.4-74.el7_6.1bind: Limiting simultaneous TCP clients is ineffective bind-license:32:9.9.4-50.el7
High CVE-2020-8616 bind-license 32:9.9.4-50.el732:9.11.4-16.P2.el7_8.6bind: BIND does not sufficiently limit the number of fetches performed when processing referrals bind-license:32:9.9.4-50.el7
High CVE-2020-8617 bind-license 32:9.9.4-50.el732:9.11.4-16.P2.el7_8.6bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c bind-license:32:9.9.4-50.el7
High CVE-2020-8625 bind-license 32:9.9.4-50.el732:9.11.4-26.P2.el7_9.4bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation bind-license:32:9.9.4-50.el7
High CVE-2021-25215 bind-license 32:9.9.4-50.el732:9.11.4-26.P2.el7_9.5bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself bind-license:32:9.9.4-50.el7
High CVE-2022-24407 cyrus-sasl-lib 2.1.26-21.el72.1.26-24.el7_9cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands cyrus-sasl-lib:2.1.26-21.el7
High CVE-2020-12049 dbus 1:1.6.12-17.el71:1.10.24-14.el7_8dbus: denial of service via file descriptor leak dbus:1:1.6.12-17.el7
High CVE-2020-12049 dbus-libs 1:1.6.12-17.el71:1.10.24-14.el7_8dbus: denial of service via file descriptor leak dbus-libs:1:1.6.12-17.el7
High CVE-2017-5715 dracut 033-502.el7033-502.el7_4.1hw: cpu: speculative execution branch target injection dracut:033-502.el7
High CVE-2022-25235 expat 2.1.0-10.el7_32.1.0-14.el7_9expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution expat:2.1.0-10.el7_3
High CVE-2022-25236 expat 2.1.0-10.el7_32.1.0-14.el7_9expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution expat:2.1.0-10.el7_3
High CVE-2022-25315 expat 2.1.0-10.el7_32.1.0-14.el7_9expat: Integer overflow in storeRawNames() expat:2.1.0-10.el7_3
High CVE-2021-27219 glib2 2.50.3-3.el72.56.1-9.el7_9glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits glib2:2.50.3-3.el7
High CVE-2018-12020 gnupg2 2.0.22-4.el72.0.22-5.el7_5gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification gnupg2:2.0.22-4.el7
High CVE-2022-1271 gzip 1.5-9.el71.5-11.el7_9gzip: arbitrary-file-write vulnerability gzip:1.5-9.el7
High CVE-2019-3855 libssh2 1.4.3-10.el7_2.11.4.3-12.el7_6.2libssh2: Integer overflow in transport read resulting in out of bounds write libssh2:1.4.3-10.el7_2.1
High CVE-2019-3856 libssh2 1.4.3-10.el7_2.11.4.3-12.el7_6.2libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write libssh2:1.4.3-10.el7_2.1
High CVE-2019-3857 libssh2 1.4.3-10.el7_2.11.4.3-12.el7_6.2libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write libssh2:1.4.3-10.el7_2.1
High CVE-2019-3863 libssh2 1.4.3-10.el7_2.11.4.3-12.el7_6.2libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes libssh2:1.4.3-10.el7_2.1
High CVE-2017-7805 nss 3.28.4-8.el73.28.4-12.el7_4nss: Potential use-after-free in TLS 1.2 server when verifying client authentication nss:3.28.4-8.el7
High CVE-2019-11745 nss 3.28.4-8.el73.44.0-7.el7_7nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate nss:3.28.4-8.el7
High CVE-2019-11745 nss-softokn 3.28.3-6.el73.44.0-8.el7_7nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate nss-softokn:3.28.3-6.el7
High CVE-2019-11745 nss-softokn-freebl 3.28.3-6.el73.44.0-8.el7_7nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate nss-softokn-freebl:3.28.3-6.el7
High CVE-2017-7805 nss-sysinit 3.28.4-8.el73.28.4-12.el7_4nss: Potential use-after-free in TLS 1.2 server when verifying client authentication nss-sysinit:3.28.4-8.el7
High CVE-2019-11745 nss-sysinit 3.28.4-8.el73.44.0-7.el7_7nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate nss-sysinit:3.28.4-8.el7
High CVE-2017-7805 nss-tools 3.28.4-8.el73.28.4-12.el7_4nss: Potential use-after-free in TLS 1.2 server when verifying client authentication nss-tools:3.28.4-8.el7
High CVE-2019-11745 nss-tools 3.28.4-8.el73.44.0-7.el7_7nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate nss-tools:3.28.4-8.el7
High CVE-2019-11745 nss-util 3.28.4-3.el73.44.0-4.el7_7nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate nss-util:3.28.4-3.el7
High CVE-2020-1971 openssl-libs 1:1.0.2k-8.el71:1.0.2k-21.el7_9openssl: EDIPARTYNAME NULL pointer de-reference openssl-libs:1:1.0.2k-8.el7
High CVE-2022-0778 openssl-libs 1:1.0.2k-8.el71:1.0.2k-25.el7_9openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates openssl-libs:1:1.0.2k-8.el7
High CVE-2018-1124 procps-ng 3.3.10-16.el73.3.10-17.el7_5.2procps-ng, procps: Integer overflows leading to heap overflow in file2strvec procps-ng:3.3.10-16.el7
High CVE-2019-10160 python 2.7.5-58.el72.7.5-80.el7_6python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc python:2.7.5-58.el7
High CVE-2019-9636 python 2.7.5-58.el72.7.5-77.el7_6python: Information Disclosure due to urlsplit improper NFKC normalization python:2.7.5-58.el7
High CVE-2019-10160 python-libs 2.7.5-58.el72.7.5-80.el7_6python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc python-libs:2.7.5-58.el7
High CVE-2019-9636 python-libs 2.7.5-58.el72.7.5-77.el7_6python: Information Disclosure due to urlsplit improper NFKC normalization python-libs:2.7.5-58.el7
High CVE-2019-13734 sqlite 3.7.17-8.el73.7.17-8.el7_7.1sqlite: fts3: improve shadow table corruption detection sqlite:3.7.17-8.el7
High CVE-2018-15688 systemd 219-42.el7219-62.el7_6.2systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling systemd:219-42.el7
High CVE-2018-16864 systemd 219-42.el7219-62.el7_6.2systemd: stack overflow when calling syslog from a command with long cmdline systemd:219-42.el7
High CVE-2018-16865 systemd 219-42.el7219-62.el7_6.2systemd: stack overflow when receiving many journald entries systemd:219-42.el7
High CVE-2019-6454 systemd 219-42.el7219-62.el7_6.5systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash systemd:219-42.el7
High CVE-2018-15688 systemd-libs 219-42.el7219-62.el7_6.2systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling systemd-libs:219-42.el7
High CVE-2018-16864 systemd-libs 219-42.el7219-62.el7_6.2systemd: stack overflow when calling syslog from a command with long cmdline systemd-libs:219-42.el7
High CVE-2018-16865 systemd-libs 219-42.el7219-62.el7_6.2systemd: stack overflow when receiving many journald entries systemd-libs:219-42.el7
High CVE-2019-6454 systemd-libs 219-42.el7219-62.el7_6.5systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash systemd-libs:219-42.el7
High CVE-2019-12735 vim-minimal 2:7.4.160-2.el72:7.4.160-6.el7_6vim/neovim: ':source!' command allows arbitrary command execution via modelines vim-minimal:2:7.4.160-2.el7
High CVE-2018-10897 yum-plugin-fastestmirror 1.1.31-42.el71.1.31-46.el7_5yum-utils: reposync: improper path validation may lead to directory traversal yum-plugin-fastestmirror:1.1.31-42.el7
High CVE-2018-10897 yum-plugin-ovl 1.1.31-42.el71.1.31-46.el7_5yum-utils: reposync: improper path validation may lead to directory traversal yum-plugin-ovl:1.1.31-42.el7
High CVE-2018-10897 yum-utils 1.1.31-42.el71.1.31-46.el7_5yum-utils: reposync: improper path validation may lead to directory traversal yum-utils:1.1.31-42.el7
High CVE-2018-25032 zlib 1.2.7-17.el71.2.7-20.el7_9zlib: A flaw found in zlib when compressing (not decompressing) certain inputs zlib:1.2.7-17.el7
High CVE-2017-3523 mysql:mysql-connector-java 5.1.255.1.41mysql-connector-java: Improper automatic deserialization of binary data (CPU Apr 2017) mysql:mysql-connector-java:5.1.25
High CVE-2018-3258 mysql:mysql-connector-java 5.1.258.0.13mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) mysql:mysql-connector-java:5.1.25
High CVE-2020-27216 org.eclipse.jetty:jetty-http 8.1.14.v201310319.4.33.v20201020, 10.0.0.beta3, 11.0.0.beta3jetty: local temporary directory hijacking vulnerability org.eclipse.jetty:jetty-http:8.1.14.v20131031
High CVE-2021-28165 org.eclipse.jetty:jetty-http 8.1.14.v201310319.4.39.v20210325, 10.0.2, 11.0.2jetty: Resource exhaustion when receiving an invalid large TLS frame org.eclipse.jetty:jetty-http:8.1.14.v20131031
High CVE-2021-28165 org.eclipse.jetty:jetty-io 8.1.14.v201310319.4.39.v20210325, 10.0.2, 11.0.2jetty: Resource exhaustion when receiving an invalid large TLS frame org.eclipse.jetty:jetty-io:8.1.14.v20131031
High CVE-2015-2080 org.eclipse.jetty:jetty-server 8.1.14.v201310319.2.9.v20150224jetty: remote unauthenticated credential exposure org.eclipse.jetty:jetty-server:8.1.14.v20131031
High CVE-2017-7656 org.eclipse.jetty:jetty-server 8.1.14.v201310319.2.26.v20180806, 9.3.24.v20180605, 9.4.11.v20180605jetty: HTTP request smuggling using the range header org.eclipse.jetty:jetty-server:8.1.14.v20131031
High CVE-2020-27216 org.eclipse.jetty:jetty-server 8.1.14.v201310319.4.33.v20201020, 10.0.0.beta3, 11.0.0.beta3jetty: local temporary directory hijacking vulnerability org.eclipse.jetty:jetty-server:8.1.14.v20131031
High CVE-2021-28165 org.eclipse.jetty:jetty-server 8.1.14.v201310319.4.39.v20210325, 10.0.2, 11.0.2jetty: Resource exhaustion when receiving an invalid large TLS frame org.eclipse.jetty:jetty-server:8.1.14.v20131031
High CVE-2017-9735 org.eclipse.jetty:jetty-util 8.1.14.v201310319.4.6.v20170531jetty: Timing channel attack in util/security/Password.java org.eclipse.jetty:jetty-util:8.1.14.v20131031
High CVE-2020-27216 org.eclipse.jetty:jetty-util 8.1.14.v201310319.4.33.v20201020, 10.0.0.beta3, 11.0.0.beta3jetty: local temporary directory hijacking vulnerability org.eclipse.jetty:jetty-util:8.1.14.v20131031
High CVE-2021-28165 org.eclipse.jetty:jetty-util 8.1.14.v201310319.4.39.v20210325, 10.0.2, 11.0.2jetty: Resource exhaustion when receiving an invalid large TLS frame org.eclipse.jetty:jetty-util:8.1.14.v20131031
Medium CVE-2019-9924 bash 4.2.46-28.el74.2.46-34.el7bash: BASH_CMD is writable in restricted bash shells bash:4.2.46-28.el7
Medium CVE-2017-3142 bind-license 32:9.9.4-50.el732:9.9.4-50.el7_3.1bind: An error in TSIG authentication can permit unauthorized zone transfers bind-license:32:9.9.4-50.el7
Medium CVE-2018-5741 bind-license 32:9.9.4-50.el732:9.11.4-9.P2.el7bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies bind-license:32:9.9.4-50.el7
Medium CVE-2018-5742 bind-license 32:9.9.4-50.el732:9.9.4-73.el7_6bind: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary bind-license:32:9.9.4-50.el7
Medium CVE-2019-6477 bind-license 32:9.9.4-50.el732:9.11.4-16.P2.el7bind: TCP Pipelining doesn't limit TCP clients on a single connection bind-license:32:9.9.4-50.el7
Medium CVE-2020-8622 bind-license 32:9.9.4-50.el732:9.11.4-26.P2.el7_9.2bind: truncated TSIG response can lead to an assertion failure bind-license:32:9.9.4-50.el7
Medium CVE-2020-8623 bind-license 32:9.9.4-50.el732:9.11.4-26.P2.el7_9.2bind: remotely triggerable assertion failure in pk11.c bind-license:32:9.9.4-50.el7
Medium CVE-2020-8624 bind-license 32:9.9.4-50.el732:9.11.4-26.P2.el7_9.2bind: incorrect enforcement of update-policy rules of type "subdomain" bind-license:32:9.9.4-50.el7
Medium CVE-2021-25214 bind-license 32:9.9.4-50.el732:9.11.4-26.P2.el7_9.7bind: Broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly bind-license:32:9.9.4-50.el7
Medium CVE-2018-1000876 binutils 2.25.1-31.base.el72.27-41.base.el7binutils: integer overflow leads to heap-based buffer overflow in objdump binutils:2.25.1-31.base.el7
Medium CVE-2021-42574 binutils 2.25.1-31.base.el72.27-44.base.el7_9.1Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks binutils:2.25.1-31.base.el7
Medium CVE-2019-14866 cpio 2.11-24.el72.11-28.el7cpio: improper input validation when writing tar header fields leads to unexpected tar generation cpio:2.11-24.el7
Medium CVE-2017-1000257 curl 7.29.0-42.el77.29.0-42.el7_4.1curl: IMAP FETCH response out of bounds read curl:7.29.0-42.el7
Medium CVE-2018-1000007 curl 7.29.0-42.el77.29.0-51.el7curl: HTTP authentication leak in redirects curl:7.29.0-42.el7
Medium CVE-2018-1000120 curl 7.29.0-42.el77.29.0-51.el7curl: FTP path trickery leads to NIL byte out of bounds write curl:7.29.0-42.el7
Medium CVE-2018-1000122 curl 7.29.0-42.el77.29.0-51.el7curl: RTSP RTP buffer over-read curl:7.29.0-42.el7
Medium CVE-2018-1000301 curl 7.29.0-42.el77.29.0-51.el7curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service curl:7.29.0-42.el7
Medium CVE-2019-5482 curl 7.29.0-42.el77.29.0-59.el7curl: heap buffer overflow in function tftp_receive_packet() curl:7.29.0-42.el7
Medium CVE-2020-8177 curl 7.29.0-42.el77.29.0-59.el7_9.1curl: Incorrect argument check can allow remote servers to overwrite local files curl:7.29.0-42.el7
Medium CVE-2019-12749 dbus 1:1.6.12-17.el71:1.10.24-15.el7dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass dbus:1:1.6.12-17.el7
Medium CVE-2019-12749 dbus-libs 1:1.6.12-17.el71:1.10.24-15.el7dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass dbus-libs:1:1.6.12-17.el7
Medium CVE-2015-2716 expat 2.1.0-10.el7_32.1.0-11.el7expat: Integer overflow leading to buffer overflow in XML_GetBuffer() expat:2.1.0-10.el7_3
Medium CVE-2018-20843 expat 2.1.0-10.el7_32.1.0-12.el7expat: large number of colons in input makes parser consume high amount of resources, leading to DoS expat:2.1.0-10.el7_3
Medium CVE-2021-45960 expat 2.1.0-10.el7_32.1.0-14.el7_9expat: Large number of prefixed XML attributes on a single tag can crash libexpat expat:2.1.0-10.el7_3
Medium CVE-2021-46143 expat 2.1.0-10.el7_32.1.0-14.el7_9expat: Integer overflow in doProlog in xmlparse.c expat:2.1.0-10.el7_3
Medium CVE-2022-22822 expat 2.1.0-10.el7_32.1.0-14.el7_9expat: Integer overflow in addBinding in xmlparse.c expat:2.1.0-10.el7_3
Medium CVE-2022-22823 expat 2.1.0-10.el7_32.1.0-14.el7_9expat: Integer overflow in build_model in xmlparse.c expat:2.1.0-10.el7_3
Medium CVE-2022-22824 expat 2.1.0-10.el7_32.1.0-14.el7_9expat: Integer overflow in defineAttribute in xmlparse.c expat:2.1.0-10.el7_3
Medium CVE-2022-22825 expat 2.1.0-10.el7_32.1.0-14.el7_9expat: Integer overflow in lookup in xmlparse.c expat:2.1.0-10.el7_3
Medium CVE-2022-22826 expat 2.1.0-10.el7_32.1.0-14.el7_9expat: Integer overflow in nextScaffoldPart in xmlparse.c expat:2.1.0-10.el7_3
Medium CVE-2022-22827 expat 2.1.0-10.el7_32.1.0-14.el7_9expat: Integer overflow in storeAtts in xmlparse.c expat:2.1.0-10.el7_3
Medium CVE-2022-23852 expat 2.1.0-10.el7_32.1.0-14.el7_9expat: Integer overflow in function XML_GetBuffer expat:2.1.0-10.el7_3
Medium CVE-2015-9381 glib2 2.50.3-3.el72.56.1-2.el7freetype: a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c leading to crash glib2:2.50.3-3.el7
Medium CVE-2015-9382 glib2 2.50.3-3.el72.56.1-2.el7freetype: mishandling ps_parser_skip_PS_token in an FT_New_Memory_Face operation in skip_comment, psaux/psobjs.c, leads to a buffer over-read glib2:2.50.3-3.el7
Medium CVE-2017-2862 glib2 2.50.3-3.el72.56.1-2.el7gdk-pixbuf2: Heap overflow in the gdk_pixbuf__jpeg_image_load_increment function glib2:2.50.3-3.el7
Medium CVE-2018-11712 glib2 2.50.3-3.el72.56.1-2.el7webkitgtk: Improper TLS certificate verification for WebSocket connections glib2:2.50.3-3.el7
Medium CVE-2018-11713 glib2 2.50.3-3.el72.56.1-2.el7webkitgtk: WebSockets don't use system proxy settings glib2:2.50.3-3.el7
Medium CVE-2018-12910 glib2 2.50.3-3.el72.56.1-2.el7libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames glib2:2.50.3-3.el7
Medium CVE-2018-14036 glib2 2.50.3-3.el72.56.1-2.el7accountsservice: insufficient path check in user_change_icon_file_authorized_cb() in user.c glib2:2.50.3-3.el7
Medium CVE-2018-4121 glib2 2.50.3-3.el72.56.1-2.el7webkitgtk: memory corruption processing maliciously crafted web content glib2:2.50.3-3.el7
Medium CVE-2018-4200 glib2 2.50.3-3.el72.56.1-2.el7webkitgtk: memory corruption processing maliciously crafted web content glib2:2.50.3-3.el7
Medium CVE-2018-4204 glib2 2.50.3-3.el72.56.1-2.el7webkitgtk: memory corruption processing maliciously crafted web content glib2:2.50.3-3.el7
Medium CVE-2019-12450 glib2 2.50.3-3.el72.56.1-7.el7glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress glib2:2.50.3-3.el7
Medium CVE-2019-14822 glib2 2.50.3-3.el72.56.1-7.el7ibus: missing authorization allows local attacker to access the input bus of another user glib2:2.50.3-3.el7
Medium CVE-2016-10739 glibc 2.17-196.el72.17-292.el7glibc: getaddrinfo should reject IP addresses with trailing characters glibc:2.17-196.el7
Medium CVE-2017-15670 glibc 2.17-196.el72.17-222.el7glibc: Buffer overflow in glob with GLOB_TILDE glibc:2.17-196.el7
Medium CVE-2017-15804 glibc 2.17-196.el72.17-222.el7glibc: Buffer overflow during unescaping of user names with the ~ operator glibc:2.17-196.el7
Medium CVE-2017-16997 glibc 2.17-196.el72.17-260.el7glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries glibc:2.17-196.el7
Medium CVE-2018-1000001 glibc 2.17-196.el72.17-222.el7glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation glibc:2.17-196.el7
Medium CVE-2018-11236 glibc 2.17-196.el72.17-260.el7glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow glibc:2.17-196.el7
Medium CVE-2018-11237 glibc 2.17-196.el72.17-260.el7glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper glibc:2.17-196.el7
Medium CVE-2018-6485 glibc 2.17-196.el72.17-260.el7glibc: Integer overflow in posix_memalign in memalign functions glibc:2.17-196.el7
Medium CVE-2019-25013 glibc 2.17-196.el72.17-322.el7_9glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding glibc:2.17-196.el7
Medium CVE-2020-10029 glibc 2.17-196.el72.17-322.el7_9glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions glibc:2.17-196.el7
Medium CVE-2020-29573 glibc 2.17-196.el72.17-322.el7_9glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern glibc:2.17-196.el7
Medium CVE-2016-10739 glibc-common 2.17-196.el72.17-292.el7glibc: getaddrinfo should reject IP addresses with trailing characters glibc-common:2.17-196.el7
Medium CVE-2017-15670 glibc-common 2.17-196.el72.17-222.el7glibc: Buffer overflow in glob with GLOB_TILDE glibc-common:2.17-196.el7
Medium CVE-2017-15804 glibc-common 2.17-196.el72.17-222.el7glibc: Buffer overflow during unescaping of user names with the ~ operator glibc-common:2.17-196.el7
Medium CVE-2017-16997 glibc-common 2.17-196.el72.17-260.el7glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries glibc-common:2.17-196.el7
Medium CVE-2018-1000001 glibc-common 2.17-196.el72.17-222.el7glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation glibc-common:2.17-196.el7
Medium CVE-2018-11236 glibc-common 2.17-196.el72.17-260.el7glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow glibc-common:2.17-196.el7
Medium CVE-2018-11237 glibc-common 2.17-196.el72.17-260.el7glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper glibc-common:2.17-196.el7
Medium CVE-2018-6485 glibc-common 2.17-196.el72.17-260.el7glibc: Integer overflow in posix_memalign in memalign functions glibc-common:2.17-196.el7
Medium CVE-2019-25013 glibc-common 2.17-196.el72.17-322.el7_9glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding glibc-common:2.17-196.el7
Medium CVE-2020-10029 glibc-common 2.17-196.el72.17-322.el7_9glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions glibc-common:2.17-196.el7
Medium CVE-2020-29573 glibc-common 2.17-196.el72.17-322.el7_9glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern glibc-common:2.17-196.el7
Medium CVE-2015-9381 gobject-introspection 1.50.0-1.el71.56.1-1.el7freetype: a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c leading to crash gobject-introspection:1.50.0-1.el7
Medium CVE-2015-9382 gobject-introspection 1.50.0-1.el71.56.1-1.el7freetype: mishandling ps_parser_skip_PS_token in an FT_New_Memory_Face operation in skip_comment, psaux/psobjs.c, leads to a buffer over-read gobject-introspection:1.50.0-1.el7
Medium CVE-2017-2862 gobject-introspection 1.50.0-1.el71.56.1-1.el7gdk-pixbuf2: Heap overflow in the gdk_pixbuf__jpeg_image_load_increment function gobject-introspection:1.50.0-1.el7
Medium CVE-2018-11712 gobject-introspection 1.50.0-1.el71.56.1-1.el7webkitgtk: Improper TLS certificate verification for WebSocket connections gobject-introspection:1.50.0-1.el7
Medium CVE-2018-11713 gobject-introspection 1.50.0-1.el71.56.1-1.el7webkitgtk: WebSockets don't use system proxy settings gobject-introspection:1.50.0-1.el7
Medium CVE-2018-12910 gobject-introspection 1.50.0-1.el71.56.1-1.el7libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames gobject-introspection:1.50.0-1.el7
Medium CVE-2018-14036 gobject-introspection 1.50.0-1.el71.56.1-1.el7accountsservice: insufficient path check in user_change_icon_file_authorized_cb() in user.c gobject-introspection:1.50.0-1.el7
Medium CVE-2018-4121 gobject-introspection 1.50.0-1.el71.56.1-1.el7webkitgtk: memory corruption processing maliciously crafted web content gobject-introspection:1.50.0-1.el7
Medium CVE-2018-4200 gobject-introspection 1.50.0-1.el71.56.1-1.el7webkitgtk: memory corruption processing maliciously crafted web content gobject-introspection:1.50.0-1.el7
Medium CVE-2018-4204 gobject-introspection 1.50.0-1.el71.56.1-1.el7webkitgtk: memory corruption processing maliciously crafted web content gobject-introspection:1.50.0-1.el7
Medium CVE-2017-11368 krb5-libs 1.15.1-8.el71.15.1-18.el7krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure krb5-libs:1.15.1-8.el7
Medium CVE-2017-7562 krb5-libs 1.15.1-8.el71.15.1-18.el7krb5: Authentication bypass by improper validation of certificate EKU and SAN krb5-libs:1.15.1-8.el7
Medium CVE-2018-20217 krb5-libs 1.15.1-8.el71.15.1-37.el7_7.2krb5: Reachable assertion in the KDC using S4U2Self requests krb5-libs:1.15.1-8.el7
Medium CVE-2021-37750 krb5-libs 1.15.1-8.el71.15.1-51.el7_9krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field krb5-libs:1.15.1-8.el7
Medium CVE-2019-5094 libcom_err 1.42.9-10.el71.42.9-19.el7e2fsprogs: Crafted ext4 partition leads to out-of-bounds write libcom_err:1.42.9-10.el7
Medium CVE-2019-5188 libcom_err 1.42.9-10.el71.42.9-19.el7e2fsprogs: Out-of-bounds write in e2fsck/rehash.c libcom_err:1.42.9-10.el7
Medium CVE-2017-1000257 libcurl 7.29.0-42.el77.29.0-42.el7_4.1curl: IMAP FETCH response out of bounds read libcurl:7.29.0-42.el7
Medium CVE-2018-1000007 libcurl 7.29.0-42.el77.29.0-51.el7curl: HTTP authentication leak in redirects libcurl:7.29.0-42.el7
Medium CVE-2018-1000120 libcurl 7.29.0-42.el77.29.0-51.el7curl: FTP path trickery leads to NIL byte out of bounds write libcurl:7.29.0-42.el7
Medium CVE-2018-1000122 libcurl 7.29.0-42.el77.29.0-51.el7curl: RTSP RTP buffer over-read libcurl:7.29.0-42.el7
Medium CVE-2018-1000301 libcurl 7.29.0-42.el77.29.0-51.el7curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service libcurl:7.29.0-42.el7
Medium CVE-2019-5482 libcurl 7.29.0-42.el77.29.0-59.el7curl: heap buffer overflow in function tftp_receive_packet() libcurl:7.29.0-42.el7
Medium CVE-2020-8177 libcurl 7.29.0-42.el77.29.0-59.el7_9.1curl: Incorrect argument check can allow remote servers to overwrite local files libcurl:7.29.0-42.el7
Medium CVE-2019-5094 libss 1.42.9-10.el71.42.9-19.el7e2fsprogs: Crafted ext4 partition leads to out-of-bounds write libss:1.42.9-10.el7
Medium CVE-2019-5188 libss 1.42.9-10.el71.42.9-19.el7e2fsprogs: Out-of-bounds write in e2fsck/rehash.c libss:1.42.9-10.el7
Medium CVE-2019-17498 libssh2 1.4.3-10.el7_2.11.8.0-4.el7libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c libssh2:1.4.3-10.el7_2.1
Medium CVE-2019-3858 libssh2 1.4.3-10.el7_2.11.8.0-3.el7libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read libssh2:1.4.3-10.el7_2.1
Medium CVE-2019-3861 libssh2 1.4.3-10.el7_2.11.8.0-3.el7libssh2: Out-of-bounds reads with specially crafted SSH packets libssh2:1.4.3-10.el7_2.1
Medium CVE-2019-3862 libssh2 1.4.3-10.el7_2.11.4.3-12.el7_6.3libssh2: Out-of-bounds memory comparison with specially crafted message channel request libssh2:1.4.3-10.el7_2.1
Medium CVE-2015-8035 libxml2 2.9.1-6.el7_2.32.9.1-6.el7.4libxml2: DoS caused by incorrect error detection during XZ decompression libxml2:2.9.1-6.el7_2.3
Medium CVE-2016-4658 libxml2 2.9.1-6.el7_2.32.9.1-6.el7_9.6libxml2: Use after free via namespace node in XPointer ranges libxml2:2.9.1-6.el7_2.3
Medium CVE-2016-5131 libxml2 2.9.1-6.el7_2.32.9.1-6.el7.4libxml2: Use after free triggered by XPointer paths beginning with range-to libxml2:2.9.1-6.el7_2.3
Medium CVE-2017-15412 libxml2 2.9.1-6.el7_2.32.9.1-6.el7.4libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c libxml2:2.9.1-6.el7_2.3
Medium CVE-2018-14404 libxml2 2.9.1-6.el7_2.32.9.1-6.el7.4libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c libxml2:2.9.1-6.el7_2.3
Medium CVE-2019-19956 libxml2 2.9.1-6.el7_2.32.9.1-6.el7.5libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c libxml2:2.9.1-6.el7_2.3
Medium CVE-2019-20388 libxml2 2.9.1-6.el7_2.32.9.1-6.el7.5libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c libxml2:2.9.1-6.el7_2.3
Medium CVE-2020-7595 libxml2 2.9.1-6.el7_2.32.9.1-6.el7.5libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations libxml2:2.9.1-6.el7_2.3
Medium CVE-2015-8035 libxml2-python 2.9.1-6.el7_2.32.9.1-6.el7.4libxml2: DoS caused by incorrect error detection during XZ decompression libxml2-python:2.9.1-6.el7_2.3
Medium CVE-2016-4658 libxml2-python 2.9.1-6.el7_2.32.9.1-6.el7_9.6libxml2: Use after free via namespace node in XPointer ranges libxml2-python:2.9.1-6.el7_2.3
Medium CVE-2016-5131 libxml2-python 2.9.1-6.el7_2.32.9.1-6.el7.4libxml2: Use after free triggered by XPointer paths beginning with range-to libxml2-python:2.9.1-6.el7_2.3
Medium CVE-2017-15412 libxml2-python 2.9.1-6.el7_2.32.9.1-6.el7.4libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c libxml2-python:2.9.1-6.el7_2.3
Medium CVE-2018-14404 libxml2-python 2.9.1-6.el7_2.32.9.1-6.el7.4libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c libxml2-python:2.9.1-6.el7_2.3
Medium CVE-2019-19956 libxml2-python 2.9.1-6.el7_2.32.9.1-6.el7.5libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c libxml2-python:2.9.1-6.el7_2.3
Medium CVE-2019-20388 libxml2-python 2.9.1-6.el7_2.32.9.1-6.el7.5libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c libxml2-python:2.9.1-6.el7_2.3
Medium CVE-2020-7595 libxml2-python 2.9.1-6.el7_2.32.9.1-6.el7.5libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations libxml2-python:2.9.1-6.el7_2.3
Medium CVE-2018-0495 nspr 4.13.1-1.0.el7_3 4.21.0-1.el7 ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries nspr:4.13.1-1.0.el7_3
Medium CVE-2018-12404 nspr 4.13.1-1.0.el7_3 4.21.0-1.el7 nss: Cache side-channel variant of the Bleichenbacher attack nspr:4.13.1-1.0.el7_3
Medium CVE-2019-11719 nspr 4.13.1-1.0.el7_3 4.25.0-2.el7_9 nss: Out-of-bounds read when importing curve25519 private key nspr:4.13.1-1.0.el7_3
Medium CVE-2019-11756 nspr 4.13.1-1.0.el7_3 4.25.0-2.el7_9 nss: Use-after-free in sftk_FreeSession due to improper refcounting nspr:4.13.1-1.0.el7_3
Medium CVE-2019-17006 nspr 4.13.1-1.0.el7_3 4.25.0-2.el7_9 nss: Check length of inputs for cryptographic primitives nspr:4.13.1-1.0.el7_3
Medium CVE-2019-17007 nspr 4.13.1-1.0.el7_3 4.21.0-1.el7 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS nspr:4.13.1-1.0.el7_3
Medium CVE-2020-12400 nspr 4.13.1-1.0.el7_3 4.25.0-2.el7_9 nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function nspr:4.13.1-1.0.el7_3
Medium CVE-2020-12401 nspr 4.13.1-1.0.el7_3 4.25.0-2.el7_9 nss: ECDSA timing attack mitigation bypass nspr:4.13.1-1.0.el7_3
Medium CVE-2020-12402 nspr 4.13.1-1.0.el7_3 4.25.0-2.el7_9 nss: Side channel vulnerabilities during RSA key generation nspr:4.13.1-1.0.el7_3
Medium CVE-2020-12403 nspr 4.13.1-1.0.el7_3 4.25.0-2.el7_9 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read nspr:4.13.1-1.0.el7_3
Medium CVE-2020-6829 nspr 4.13.1-1.0.el7_3 4.25.0-2.el7_9 nss: Side channel attack on ECDSA signature generation nspr:4.13.1-1.0.el7_3
Medium CVE-2018-0495 nss 3.28.4-8.el7 3.44.0-4.el7 ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries nss:3.28.4-8.el7
Medium CVE-2018-12384 nss 3.28.4-8.el7 3.36.0-7.el7_5 nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello nss:3.28.4-8.el7
Medium CVE-2018-12404 nss 3.28.4-8.el7 3.44.0-4.el7 nss: Cache side-channel variant of the Bleichenbacher attack nss:3.28.4-8.el7
Medium CVE-2019-11719 nss 3.28.4-8.el7 3.53.1-3.el7_9 nss: Out-of-bounds read when importing curve25519 private key nss:3.28.4-8.el7
Medium CVE-2019-11729 nss 3.28.4-8.el7 3.44.0-7.el7_7 nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault nss:3.28.4-8.el7
Medium CVE-2019-11756 nss 3.28.4-8.el7 3.53.1-3.el7_9 nss: Use-after-free in sftk_FreeSession due to improper refcounting nss:3.28.4-8.el7
Medium CVE-2019-17006 nss 3.28.4-8.el7 3.53.1-3.el7_9 nss: Check length of inputs for cryptographic primitives nss:3.28.4-8.el7
Medium CVE-2019-17007 nss 3.28.4-8.el7 3.44.0-4.el7 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS nss:3.28.4-8.el7
Medium CVE-2020-12400 nss 3.28.4-8.el7 3.53.1-3.el7_9 nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function nss:3.28.4-8.el7
Medium CVE-2020-12401 nss 3.28.4-8.el7 3.53.1-3.el7_9 nss: ECDSA timing attack mitigation bypass nss:3.28.4-8.el7
Medium CVE-2020-12402 nss 3.28.4-8.el7 3.53.1-3.el7_9 nss: Side channel vulnerabilities during RSA key generation nss:3.28.4-8.el7
Medium CVE-2020-12403 nss 3.28.4-8.el7 3.53.1-3.el7_9 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read nss:3.28.4-8.el7
Medium CVE-2020-25648 nss 3.28.4-8.el7 3.53.1-7.el7_9 nss: TLS 1.3 CCS flood remote DoS Attack nss:3.28.4-8.el7
Medium CVE-2020-6829 nss 3.28.4-8.el7 3.53.1-3.el7_9 nss: Side channel attack on ECDSA signature generation nss:3.28.4-8.el7
Medium CVE-2018-1000007 nss-pem 1.0.3-4.el7 1.0.3-5.el7 curl: HTTP authentication leak in redirects nss-pem:1.0.3-4.el7
Medium CVE-2018-1000120 nss-pem 1.0.3-4.el7 1.0.3-5.el7 curl: FTP path trickery leads to NIL byte out of bounds write nss-pem:1.0.3-4.el7
Medium CVE-2018-1000122 nss-pem 1.0.3-4.el7 1.0.3-5.el7 curl: RTSP RTP buffer over-read nss-pem:1.0.3-4.el7
Medium CVE-2018-1000301 nss-pem 1.0.3-4.el7 1.0.3-5.el7 curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service nss-pem:1.0.3-4.el7
Medium CVE-2018-0495 nss-softokn 3.28.3-6.el7 3.44.0-5.el7 ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries nss-softokn:3.28.3-6.el7
Medium CVE-2018-12404 nss-softokn 3.28.3-6.el7 3.44.0-5.el7 nss: Cache side-channel variant of the Bleichenbacher attack nss-softokn:3.28.3-6.el7
Medium CVE-2019-11719 nss-softokn 3.28.3-6.el7 3.53.1-6.el7_9 nss: Out-of-bounds read when importing curve25519 private key nss-softokn:3.28.3-6.el7
Medium CVE-2019-11729 nss-softokn 3.28.3-6.el7 3.44.0-8.el7_7 nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault nss-softokn:3.28.3-6.el7
Medium CVE-2019-11756 nss-softokn 3.28.3-6.el7 3.53.1-6.el7_9 nss: Use-after-free in sftk_FreeSession due to improper refcounting nss-softokn:3.28.3-6.el7
Medium CVE-2019-17006 nss-softokn 3.28.3-6.el7 3.53.1-6.el7_9 nss: Check length of inputs for cryptographic primitives nss-softokn:3.28.3-6.el7
Medium CVE-2019-17007 nss-softokn 3.28.3-6.el7 3.44.0-5.el7 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS nss-softokn:3.28.3-6.el7
Medium CVE-2020-12400 nss-softokn 3.28.3-6.el7 3.53.1-6.el7_9 nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function nss-softokn:3.28.3-6.el7
Medium CVE-2020-12401 nss-softokn 3.28.3-6.el7 3.53.1-6.el7_9 nss: ECDSA timing attack mitigation bypass nss-softokn:3.28.3-6.el7
Medium CVE-2020-12402 nss-softokn 3.28.3-6.el7 3.53.1-6.el7_9 nss: Side channel vulnerabilities during RSA key generation nss-softokn:3.28.3-6.el7
Medium CVE-2020-12403 nss-softokn 3.28.3-6.el7 3.53.1-6.el7_9 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read nss-softokn:3.28.3-6.el7
Medium CVE-2020-6829 nss-softokn 3.28.3-6.el7 3.53.1-6.el7_9 nss: Side channel attack on ECDSA signature generation nss-softokn:3.28.3-6.el7
Medium CVE-2018-0495 nss-softokn-freebl 3.28.3-6.el7 3.44.0-5.el7 ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries nss-softokn-freebl:3.28.3-6.el7
Medium CVE-2018-12404 nss-softokn-freebl 3.28.3-6.el7 3.44.0-5.el7 nss: Cache side-channel variant of the Bleichenbacher attack nss-softokn-freebl:3.28.3-6.el7
Medium CVE-2019-11719 nss-softokn-freebl 3.28.3-6.el7 3.53.1-6.el7_9 nss: Out-of-bounds read when importing curve25519 private key nss-softokn-freebl:3.28.3-6.el7
Medium CVE-2019-11729 nss-softokn-freebl 3.28.3-6.el7 3.44.0-8.el7_7 nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault nss-softokn-freebl:3.28.3-6.el7
Medium CVE-2019-11756 nss-softokn-freebl 3.28.3-6.el7 3.53.1-6.el7_9 nss: Use-after-free in sftk_FreeSession due to improper refcounting nss-softokn-freebl:3.28.3-6.el7
Medium CVE-2019-17006 nss-softokn-freebl 3.28.3-6.el7 3.53.1-6.el7_9 nss: Check length of inputs for cryptographic primitives nss-softokn-freebl:3.28.3-6.el7
Medium CVE-2019-17007 nss-softokn-freebl 3.28.3-6.el7 3.44.0-5.el7 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS nss-softokn-freebl:3.28.3-6.el7
Medium CVE-2020-12400 nss-softokn-freebl 3.28.3-6.el7 3.53.1-6.el7_9 nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function nss-softokn-freebl:3.28.3-6.el7
Medium CVE-2020-12401 nss-softokn-freebl 3.28.3-6.el7 3.53.1-6.el7_9 nss: ECDSA timing attack mitigation bypass nss-softokn-freebl:3.28.3-6.el7
Medium CVE-2020-12402 nss-softokn-freebl 3.28.3-6.el7 3.53.1-6.el7_9 nss: Side channel vulnerabilities during RSA key generation nss-softokn-freebl:3.28.3-6.el7
Medium CVE-2020-12403 nss-softokn-freebl 3.28.3-6.el7 3.53.1-6.el7_9 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read nss-softokn-freebl:3.28.3-6.el7
Medium CVE-2020-6829 nss-softokn-freebl 3.28.3-6.el7 3.53.1-6.el7_9 nss: Side channel attack on ECDSA signature generation nss-softokn-freebl:3.28.3-6.el7
Medium CVE-2018-0495 nss-sysinit 3.28.4-8.el7 3.44.0-4.el7 ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries nss-sysinit:3.28.4-8.el7
Medium CVE-2018-12384 nss-sysinit 3.28.4-8.el7 3.36.0-7.el7_5 nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello nss-sysinit:3.28.4-8.el7
Medium CVE-2018-12404 nss-sysinit 3.28.4-8.el7 3.44.0-4.el7 nss: Cache side-channel variant of the Bleichenbacher attack nss-sysinit:3.28.4-8.el7
Medium CVE-2019-11719 nss-sysinit 3.28.4-8.el7 3.53.1-3.el7_9 nss: Out-of-bounds read when importing curve25519 private key nss-sysinit:3.28.4-8.el7
Medium CVE-2019-11729 nss-sysinit 3.28.4-8.el7 3.44.0-7.el7_7 nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault nss-sysinit:3.28.4-8.el7
Medium CVE-2019-11756 nss-sysinit 3.28.4-8.el7 3.53.1-3.el7_9 nss: Use-after-free in sftk_FreeSession due to improper refcounting nss-sysinit:3.28.4-8.el7
Medium CVE-2019-17006 nss-sysinit 3.28.4-8.el7 3.53.1-3.el7_9 nss: Check length of inputs for cryptographic primitives nss-sysinit:3.28.4-8.el7
Medium CVE-2019-17007 nss-sysinit 3.28.4-8.el7 3.44.0-4.el7 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS nss-sysinit:3.28.4-8.el7
Medium CVE-2020-12400 nss-sysinit 3.28.4-8.el7 3.53.1-3.el7_9 nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function nss-sysinit:3.28.4-8.el7
Medium CVE-2020-12401 nss-sysinit 3.28.4-8.el7 3.53.1-3.el7_9 nss: ECDSA timing attack mitigation bypass nss-sysinit:3.28.4-8.el7
Medium CVE-2020-12402 nss-sysinit 3.28.4-8.el7 3.53.1-3.el7_9 nss: Side channel vulnerabilities during RSA key generation nss-sysinit:3.28.4-8.el7
Medium CVE-2020-12403 nss-sysinit 3.28.4-8.el7 3.53.1-3.el7_9 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read nss-sysinit:3.28.4-8.el7
Medium CVE-2020-25648 nss-sysinit 3.28.4-8.el7 3.53.1-7.el7_9 nss: TLS 1.3 CCS flood remote DoS Attack nss-sysinit:3.28.4-8.el7
Medium CVE-2020-6829 nss-sysinit 3.28.4-8.el7 3.53.1-3.el7_9 nss: Side channel attack on ECDSA signature generation nss-sysinit:3.28.4-8.el7
Medium CVE-2018-0495 nss-tools 3.28.4-8.el7 3.44.0-4.el7 ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries nss-tools:3.28.4-8.el7
Medium CVE-2018-12384 nss-tools 3.28.4-8.el7 3.36.0-7.el7_5 nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello nss-tools:3.28.4-8.el7
Medium CVE-2018-12404 nss-tools 3.28.4-8.el7 3.44.0-4.el7 nss: Cache side-channel variant of the Bleichenbacher attack nss-tools:3.28.4-8.el7
Medium CVE-2019-11719 nss-tools 3.28.4-8.el7 3.53.1-3.el7_9 nss: Out-of-bounds read when importing curve25519 private key nss-tools:3.28.4-8.el7
Medium CVE-2019-11729 nss-tools 3.28.4-8.el7 3.44.0-7.el7_7 nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault nss-tools:3.28.4-8.el7
Medium CVE-2019-11756 nss-tools 3.28.4-8.el7 3.53.1-3.el7_9 nss: Use-after-free in sftk_FreeSession due to improper refcounting nss-tools:3.28.4-8.el7
Medium CVE-2019-17006 nss-tools 3.28.4-8.el7 3.53.1-3.el7_9 nss: Check length of inputs for cryptographic primitives nss-tools:3.28.4-8.el7
Medium CVE-2019-17007 nss-tools 3.28.4-8.el7 3.44.0-4.el7 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS nss-tools:3.28.4-8.el7
Medium CVE-2020-12400 nss-tools 3.28.4-8.el7 3.53.1-3.el7_9 nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function nss-tools:3.28.4-8.el7
Medium CVE-2020-12401 nss-tools 3.28.4-8.el7 3.53.1-3.el7_9 nss: ECDSA timing attack mitigation bypass nss-tools:3.28.4-8.el7
Medium CVE-2020-12402 nss-tools 3.28.4-8.el7 3.53.1-3.el7_9 nss: Side channel vulnerabilities during RSA key generation nss-tools:3.28.4-8.el7
Medium CVE-2020-12403 nss-tools 3.28.4-8.el7 3.53.1-3.el7_9 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read nss-tools:3.28.4-8.el7
Medium CVE-2020-25648 nss-tools 3.28.4-8.el7 3.53.1-7.el7_9 nss: TLS 1.3 CCS flood remote DoS Attack nss-tools:3.28.4-8.el7
Medium CVE-2020-6829 nss-tools 3.28.4-8.el7 3.53.1-3.el7_9 nss: Side channel attack on ECDSA signature generation nss-tools:3.28.4-8.el7
Medium CVE-2018-0495 nss-util 3.28.4-3.el7 3.44.0-3.el7 ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries nss-util:3.28.4-3.el7
Medium CVE-2018-12404 nss-util 3.28.4-3.el7 3.44.0-3.el7 nss: Cache side-channel variant of the Bleichenbacher attack nss-util:3.28.4-3.el7
Medium CVE-2019-11719 nss-util 3.28.4-3.el7 3.53.1-1.el7_9 nss: Out-of-bounds read when importing curve25519 private key nss-util:3.28.4-3.el7
Medium CVE-2019-11729 nss-util 3.28.4-3.el7 3.44.0-4.el7_7 nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault nss-util:3.28.4-3.el7
Medium CVE-2019-11756 nss-util 3.28.4-3.el7 3.53.1-1.el7_9 nss: Use-after-free in sftk_FreeSession due to improper refcounting nss-util:3.28.4-3.el7
Medium CVE-2019-17006 nss-util 3.28.4-3.el7 3.53.1-1.el7_9 nss: Check length of inputs for cryptographic primitives nss-util:3.28.4-3.el7
Medium CVE-2019-17007 nss-util 3.28.4-3.el7 3.44.0-3.el7 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS nss-util:3.28.4-3.el7
Medium CVE-2020-12400 nss-util 3.28.4-3.el7 3.53.1-1.el7_9 nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function nss-util:3.28.4-3.el7
Medium CVE-2020-12401 nss-util 3.28.4-3.el7 3.53.1-1.el7_9 nss: ECDSA timing attack mitigation bypass nss-util:3.28.4-3.el7
Medium CVE-2020-12402 nss-util 3.28.4-3.el7 3.53.1-1.el7_9 nss: Side channel vulnerabilities during RSA key generation nss-util:3.28.4-3.el7
Medium CVE-2020-12403 nss-util 3.28.4-3.el7 3.53.1-1.el7_9 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read nss-util:3.28.4-3.el7
Medium CVE-2020-6829 nss-util 3.28.4-3.el7 3.53.1-1.el7_9 nss: Side channel attack on ECDSA signature generation nss-util:3.28.4-3.el7
Medium CVE-2020-12243 openldap 2.4.44-5.el7 2.4.44-22.el7 openldap: denial of service via nested boolean expressions in LDAP search filters openldap:2.4.44-5.el7
Medium CVE-2020-25692 openldap 2.4.44-5.el7 2.4.44-23.el7_9 openldap: NULL pointer dereference for unauthenticated packet in slapd openldap:2.4.44-5.el7
Medium CVE-2020-25709 openldap 2.4.44-5.el7 2.4.44-25.el7_9 openldap: assertion failure in Certificate List syntax validation openldap:2.4.44-5.el7
Medium CVE-2020-25710 openldap 2.4.44-5.el7 2.4.44-25.el7_9 openldap: assertion failure in CSN normalization with invalid input openldap:2.4.44-5.el7
Medium CVE-2017-3736 openssl-libs 1:1.0.2k-8.el7 1:1.0.2k-12.el7 openssl: bn_sqrx8x_internal carry bug on x86_64 openssl-libs:1:1.0.2k-8.el7
Medium CVE-2017-3737 openssl-libs 1:1.0.2k-8.el7 1:1.0.2k-12.el7 openssl: Read/write after SSL object in error state openssl-libs:1:1.0.2k-8.el7
Medium CVE-2018-0495 openssl-libs 1:1.0.2k-8.el7 1:1.0.2k-16.el7 ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries openssl-libs:1:1.0.2k-8.el7
Medium CVE-2018-0732 openssl-libs 1:1.0.2k-8.el7 1:1.0.2k-16.el7 openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang openssl-libs:1:1.0.2k-8.el7
Medium CVE-2018-0739 openssl-libs 1:1.0.2k-8.el7 1:1.0.2k-16.el7 openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service openssl-libs:1:1.0.2k-8.el7
Medium CVE-2018-5407 openssl-libs 1:1.0.2k-8.el7 1:1.0.2k-16.el7_6.1 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) openssl-libs:1:1.0.2k-8.el7
Medium CVE-2019-1559 openssl-libs 1:1.0.2k-8.el7 1:1.0.2k-19.el7 openssl: 0-byte record padding oracle openssl-libs:1:1.0.2k-8.el7
Medium CVE-2021-23840 openssl-libs 1:1.0.2k-8.el7 1:1.0.2k-22.el7_9 openssl: integer overflow in CipherUpdate openssl-libs:1:1.0.2k-8.el7
Medium CVE-2021-23841 openssl-libs 1:1.0.2k-8.el7 1:1.0.2k-22.el7_9 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() openssl-libs:1:1.0.2k-8.el7
Medium CVE-2021-3712 openssl-libs 1:1.0.2k-8.el7 1:1.0.2k-23.el7_9 openssl: Read buffer overruns processing ASN.1 strings openssl-libs:1:1.0.2k-8.el7
Medium CVE-2018-1122 procps-ng 3.3.10-16.el7 3.3.10-26.el7 procps-ng, procps: Local privilege escalation in top procps-ng:3.3.10-16.el7
Medium CVE-2018-1126 procps-ng 3.3.10-16.el7 3.3.10-17.el7_5.2 procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues procps-ng:3.3.10-16.el7
Medium CVE-2016-2183 python 2.7.5-58.el7 2.7.5-69.el7_5 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) python:2.7.5-58.el7
Medium CVE-2018-1061 python 2.7.5-58.el7 2.7.5-76.el7 python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib python:2.7.5-58.el7
Medium CVE-2018-14647 python 2.7.5-58.el7 2.7.5-86.el7 python: Missing salt initialization in _elementtree.c module python:2.7.5-58.el7
Medium CVE-2018-20852 python 2.7.5-58.el7 2.7.5-88.el7 python: Cookie domain check returns incorrect results python:2.7.5-58.el7
Medium CVE-2019-16056 python 2.7.5-58.el7 2.7.5-88.el7 python: email.utils.parseaddr wrongly parses email addresses python:2.7.5-58.el7
Medium CVE-2019-16935 python 2.7.5-58.el7 2.7.5-89.el7 python: XSS vulnerability in the documentation XML-RPC server in server_title field python:2.7.5-58.el7
Medium CVE-2019-20907 python 2.7.5-58.el7 2.7.5-90.el7 python: infinite loop in the tarfile module via crafted TAR archive python:2.7.5-58.el7
Medium CVE-2019-5010 python 2.7.5-58.el7 2.7.5-86.el7 python: NULL pointer dereference using a specially crafted X509 certificate python:2.7.5-58.el7
Medium CVE-2019-9740 python 2.7.5-58.el7 2.7.5-86.el7 python: CRLF injection via the query part of the url passed to urlopen() python:2.7.5-58.el7
Medium CVE-2019-9947 python 2.7.5-58.el7 2.7.5-86.el7 python: CRLF injection via the path part of the url passed to urlopen() python:2.7.5-58.el7
Medium CVE-2019-9948 python 2.7.5-58.el7 2.7.5-86.el7 python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms python:2.7.5-58.el7
Medium CVE-2016-2183 python-libs 2.7.5-58.el7 2.7.5-69.el7_5 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) python-libs:2.7.5-58.el7
Medium CVE-2018-1061 python-libs 2.7.5-58.el7 2.7.5-76.el7 python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib python-libs:2.7.5-58.el7
Medium CVE-2018-14647 python-libs 2.7.5-58.el7 2.7.5-86.el7 python: Missing salt initialization in _elementtree.c module python-libs:2.7.5-58.el7
Medium CVE-2018-20852 python-libs 2.7.5-58.el7 2.7.5-88.el7 python: Cookie domain check returns incorrect results python-libs:2.7.5-58.el7
Medium CVE-2019-16056 python-libs 2.7.5-58.el7 2.7.5-88.el7 python: email.utils.parseaddr wrongly parses email addresses python-libs:2.7.5-58.el7
Medium CVE-2019-16935 python-libs 2.7.5-58.el7 2.7.5-89.el7 python: XSS vulnerability in the documentation XML-RPC server in server_title field python-libs:2.7.5-58.el7
Medium CVE-2019-20907 python-libs 2.7.5-58.el7 2.7.5-90.el7 python: infinite loop in the tarfile module via crafted TAR archive python-libs:2.7.5-58.el7
Medium CVE-2019-5010 python-libs 2.7.5-58.el7 2.7.5-86.el7 python: NULL pointer dereference using a specially crafted X509 certificate python-libs:2.7.5-58.el7
Medium CVE-2019-9740 python-libs 2.7.5-58.el7 2.7.5-86.el7 python: CRLF injection via the query part of the url passed to urlopen() python-libs:2.7.5-58.el7
Medium CVE-2019-9947 python-libs 2.7.5-58.el7 2.7.5-86.el7 python: CRLF injection via the path part of the url passed to urlopen() python-libs:2.7.5-58.el7
Medium CVE-2019-9948 python-libs 2.7.5-58.el7 2.7.5-86.el7 python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms python-libs:2.7.5-58.el7
Medium CVE-2021-20271 rpm 4.11.3-25.el7 4.11.3-48.el7_9 rpm: Signature checks bypass via corrupted rpm package rpm:4.11.3-25.el7
Medium CVE-2021-20271 rpm-build-libs 4.11.3-25.el7 4.11.3-48.el7_9 rpm: Signature checks bypass via corrupted rpm package rpm-build-libs:4.11.3-25.el7
Medium CVE-2021-20271 rpm-libs 4.11.3-25.el7 4.11.3-48.el7_9 rpm: Signature checks bypass via corrupted rpm package rpm-libs:4.11.3-25.el7
Medium CVE-2021-20271 rpm-python 4.11.3-25.el7 4.11.3-48.el7_9 rpm: Signature checks bypass via corrupted rpm package rpm-python:4.11.3-25.el7
Medium CVE-2019-3820 shared-mime-info 1.8-3.el7 1.8-5.el7 gnome-shell: partial lock screen bypass shared-mime-info:1.8-3.el7
Medium CVE-2018-1049 systemd 219-42.el7 219-42.el7_4.7 systemd: automount: access to automounted volumes can lock up systemd:219-42.el7
Medium CVE-2018-15686 systemd 219-42.el7 219-67.el7 systemd: line splitting via fgets() allows for state injection during daemon-reexec systemd:219-42.el7
Medium CVE-2018-16866 systemd 219-42.el7 219-67.el7 systemd: out-of-bounds read when parsing a crafted syslog message systemd:219-42.el7
Medium CVE-2018-1049 systemd-libs 219-42.el7 219-42.el7_4.7 systemd: automount: access to automounted volumes can lock up systemd-libs:219-42.el7
Medium CVE-2018-15686 systemd-libs 219-42.el7 219-67.el7 systemd: line splitting via fgets() allows for state injection during daemon-reexec systemd-libs:219-42.el7
Medium CVE-2018-16866 systemd-libs 219-42.el7 219-67.el7 systemd: out-of-bounds read when parsing a crafted syslog message systemd-libs:219-42.el7
Medium CVE-2019-2692 mysql:mysql-connector-java 5.1.25 8.0.16 mysql-connector-java: privilege escalation in MySQL connector mysql:mysql-connector-java:5.1.25
Medium CVE-2020-2875 mysql:mysql-connector-java 5.1.25 5.1.49, 8.0.15 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete mysql:mysql-connector-java:5.1.25
Medium CVE-2020-2934 mysql:mysql-connector-java 5.1.25 5.1.49, 8.0.20 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete mysql:mysql-connector-java:5.1.25
Medium CVE-2019-10247 org.eclipse.jetty:jetty-http 8.1.14.v20131031 9.2.28.v20190418, 9.3.27.v20190418, 9.4.17.v20190418 jetty: error path information disclosure org.eclipse.jetty:jetty-http:8.1.14.v20131031
Medium CVE-2019-10247 org.eclipse.jetty:jetty-server 8.1.14.v20131031 9.2.28.v20190418, 9.3.27.v20190418, 9.4.17.v20190418 jetty: error path information disclosure org.eclipse.jetty:jetty-server:8.1.14.v20131031
Low CVE-2018-5745 bind-license 32:9.9.4-50.el7 32:9.11.4-16.P2.el7 bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys bind-license:32:9.9.4-50.el7
Low CVE-2019-6465 bind-license 32:9.9.4-50.el7 32:9.11.4-16.P2.el7 bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable bind-license:32:9.9.4-50.el7
Low CVE-2018-10372 binutils 2.25.1-31.base.el7 2.27-34.base.el7 binutils: Heap-base buffer over-read in dwarf.c:process_cu_tu_index() allows for denial of service via crafted file binutils:2.25.1-31.base.el7
Low CVE-2018-10373 binutils 2.25.1-31.base.el7 2.27-34.base.el7 binutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file binutils:2.25.1-31.base.el7
Low CVE-2018-10534 binutils 2.25.1-31.base.el7 2.27-34.base.el7 binutils: out of bounds memory write in peXXigen.c files binutils:2.25.1-31.base.el7
Low CVE-2018-10535 binutils 2.25.1-31.base.el7 2.27-34.base.el7 binutils: NULL pointer dereference in elf.c binutils:2.25.1-31.base.el7
Low CVE-2018-12641 binutils 2.25.1-31.base.el7 2.27-41.base.el7 binutils: Stack Exhaustion in the demangling functions provided by libiberty binutils:2.25.1-31.base.el7
Low CVE-2018-12697 binutils 2.25.1-31.base.el7 2.27-41.base.el7 binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c. binutils:2.25.1-31.base.el7
Low CVE-2018-13033 binutils 2.25.1-31.base.el7 2.27-34.base.el7 binutils: Uncontrolled Resource Consumption in execution of nm binutils:2.25.1-31.base.el7
Low CVE-2018-7208 binutils 2.25.1-31.base.el7 2.27-34.base.el7 binutils: Improper bounds check in coffgen.c:coff_pointerize_aux() allows for denial of service when parsing a crafted COFF file binutils:2.25.1-31.base.el7
Low CVE-2018-7568 binutils 2.25.1-31.base.el7 2.27-34.base.el7 binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library binutils:2.25.1-31.base.el7
Low CVE-2018-7569 binutils 2.25.1-31.base.el7 2.27-34.base.el7 binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library binutils:2.25.1-31.base.el7
Low CVE-2018-7642 binutils 2.25.1-31.base.el7 2.27-34.base.el7 binutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash binutils:2.25.1-31.base.el7
Low CVE-2018-7643 binutils 2.25.1-31.base.el7 2.27-34.base.el7 binutils: Integer overflow in the display_debug_ranges function resulting in crash binutils:2.25.1-31.base.el7
Low CVE-2018-8945 binutils 2.25.1-31.base.el7 2.27-34.base.el7 binutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable binutils:2.25.1-31.base.el7
Low CVE-2018-1000121 curl 7.29.0-42.el7 7.29.0-51.el7 curl: LDAP NULL pointer dereference curl:7.29.0-42.el7
Low CVE-2018-14618 curl 7.29.0-42.el7 7.29.0-51.el7_6.3 curl: NTLM password overflow via integer overflow curl:7.29.0-42.el7
Low CVE-2018-16842 curl 7.29.0-42.el7 7.29.0-54.el7 curl: Heap-based buffer over-read in the curl tool warning formatting curl:7.29.0-42.el7
Low CVE-2019-5436 curl 7.29.0-42.el7 7.29.0-57.el7 curl: TFTP receive heap buffer overflow in tftp_receive_packet() function curl:7.29.0-42.el7
Low CVE-2018-16062 elfutils-default-yama-scope 0.168-8.el7 0.176-2.el7 elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file elfutils-default-yama-scope:0.168-8.el7
Low CVE-2018-16402 elfutils-default-yama-scope 0.168-8.el7 0.176-2.el7 elfutils: Double-free due to double decompression of sections in crafted ELF causes crash elfutils-default-yama-scope:0.168-8.el7
Low CVE-2018-16403 elfutils-default-yama-scope 0.168-8.el7 0.176-2.el7 elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash elfutils-default-yama-scope:0.168-8.el7
Low CVE-2018-18310 elfutils-default-yama-scope 0.168-8.el7 0.176-2.el7 elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl elfutils-default-yama-scope:0.168-8.el7
Low CVE-2018-18520 elfutils-default-yama-scope 0.168-8.el7 0.176-2.el7 elfutils: eu-size cannot handle recursive ar files elfutils-default-yama-scope:0.168-8.el7
Low CVE-2018-18521 elfutils-default-yama-scope 0.168-8.el7 0.176-2.el7 elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c elfutils-default-yama-scope:0.168-8.el7
Low CVE-2019-7149 elfutils-default-yama-scope 0.168-8.el7 0.176-2.el7 elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw elfutils-default-yama-scope:0.168-8.el7
Low CVE-2019-7150 elfutils-default-yama-scope 0.168-8.el7 0.176-2.el7 elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c elfutils-default-yama-scope:0.168-8.el7
Low CVE-2019-7664 elfutils-default-yama-scope 0.168-8.el7 0.176-2.el7 elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h elfutils-default-yama-scope:0.168-8.el7
Low CVE-2019-7665 elfutils-default-yama-scope 0.168-8.el7 0.176-2.el7 elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c elfutils-default-yama-scope:0.168-8.el7
Low CVE-2018-16062 elfutils-libelf 0.168-8.el7 0.176-2.el7 elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file elfutils-libelf:0.168-8.el7
Low CVE-2018-16402 elfutils-libelf 0.168-8.el7 0.176-2.el7 elfutils: Double-free due to double decompression of sections in crafted ELF causes crash elfutils-libelf:0.168-8.el7
Low CVE-2018-16403 elfutils-libelf 0.168-8.el7 0.176-2.el7 elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash elfutils-libelf:0.168-8.el7
Low CVE-2018-18310 elfutils-libelf 0.168-8.el7 0.176-2.el7 elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl elfutils-libelf:0.168-8.el7
Low CVE-2018-18520 elfutils-libelf 0.168-8.el7 0.176-2.el7 elfutils: eu-size cannot handle recursive ar files elfutils-libelf:0.168-8.el7
Low CVE-2018-18521 elfutils-libelf 0.168-8.el7 0.176-2.el7 elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c elfutils-libelf:0.168-8.el7
Low CVE-2019-7149 elfutils-libelf 0.168-8.el7 0.176-2.el7 elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw elfutils-libelf:0.168-8.el7
Low CVE-2019-7150 elfutils-libelf 0.168-8.el7 0.176-2.el7 elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c elfutils-libelf:0.168-8.el7
Low CVE-2019-7664 elfutils-libelf 0.168-8.el7 0.176-2.el7 elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h elfutils-libelf:0.168-8.el7
Low CVE-2019-7665 elfutils-libelf 0.168-8.el7 0.176-2.el7 elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c elfutils-libelf:0.168-8.el7
Low CVE-2018-16062 elfutils-libs 0.168-8.el7 0.176-2.el7 elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file elfutils-libs:0.168-8.el7
Low CVE-2018-16402 elfutils-libs 0.168-8.el7 0.176-2.el7 elfutils: Double-free due to double decompression of sections in crafted ELF causes crash elfutils-libs:0.168-8.el7
Low CVE-2018-16403 elfutils-libs 0.168-8.el7 0.176-2.el7 elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash elfutils-libs:0.168-8.el7
Low CVE-2018-18310 elfutils-libs 0.168-8.el7 0.176-2.el7 elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl elfutils-libs:0.168-8.el7
Low CVE-2018-18520 elfutils-libs 0.168-8.el7 0.176-2.el7 elfutils: eu-size cannot handle recursive ar files elfutils-libs:0.168-8.el7
Low CVE-2018-18521 elfutils-libs 0.168-8.el7 0.176-2.el7 elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c elfutils-libs:0.168-8.el7
Low CVE-2019-7149 elfutils-libs 0.168-8.el7 0.176-2.el7 elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw elfutils-libs:0.168-8.el7
Low CVE-2019-7150 elfutils-libs 0.168-8.el7 0.176-2.el7 elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c elfutils-libs:0.168-8.el7
Low CVE-2019-7664 elfutils-libs 0.168-8.el7 0.176-2.el7 elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h elfutils-libs:0.168-8.el7
Low CVE-2019-7665 elfutils-libs 0.168-8.el7 0.176-2.el7 elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c elfutils-libs:0.168-8.el7
Low CVE-2019-15903 expat 2.1.0-10.el7_3 2.1.0-12.el7 expat: heap-based buffer over-read via crafted XML input expat:2.1.0-10.el7_3
Low CVE-2018-10360 file-libs 5.11-33.el7 5.11-36.el7 file: out-of-bounds read via a crafted ELF file file-libs:5.11-33.el7
Low CVE-2017-18267 glib2 2.50.3-3.el7 2.56.1-2.el7 poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service glib2:2.50.3-3.el7
Low CVE-2018-10733 glib2 2.50.3-3.el7 2.56.1-2.el7 libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c glib2:2.50.3-3.el7
Low CVE-2018-10767 glib2 2.50.3-3.el7 2.56.1-2.el7 libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c glib2:2.50.3-3.el7
Low CVE-2018-10768 glib2 2.50.3-3.el7 2.56.1-2.el7 poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF glib2:2.50.3-3.el7
Low CVE-2018-13988 glib2 2.50.3-3.el7 2.56.1-2.el7 poppler: out of bounds read in pdfunite glib2:2.50.3-3.el7
Low CVE-2018-5818 glib2 2.50.3-3.el7 2.56.1-5.el7 LibRaw: DoS in parse_rollei function in internal/dcraw_common.cpp glib2:2.50.3-3.el7
Low CVE-2018-5819 glib2 2.50.3-3.el7 2.56.1-5.el7 LibRaw: DoS in parse_sinar_ia function in internal/dcraw_common.cpp glib2:2.50.3-3.el7
Low CVE-2014-9402 glibc 2.17-196.el7 2.17-222.el7 glibc: denial of service in getnetbyname function glibc:2.17-196.el7
Low CVE-2015-5180 glibc 2.17-196.el7 2.17-222.el7 glibc: DNS resolver NULL pointer dereference with crafted record type glibc:2.17-196.el7
Low CVE-2017-12132 glibc 2.17-196.el7 2.17-222.el7 glibc: Fragmentation attacks possible when EDNS0 is enabled glibc:2.17-196.el7
Low CVE-2019-19126 glibc 2.17-196.el7 2.17-317.el7 glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries glibc:2.17-196.el7
Low CVE-2014-9402 glibc-common 2.17-196.el7 2.17-222.el7 glibc: denial of service in getnetbyname function glibc-common:2.17-196.el7
Low CVE-2015-5180 glibc-common 2.17-196.el7 2.17-222.el7 glibc: DNS resolver NULL pointer dereference with crafted record type glibc-common:2.17-196.el7
Low CVE-2017-12132 glibc-common 2.17-196.el7 2.17-222.el7 glibc: Fragmentation attacks possible when EDNS0 is enabled glibc-common:2.17-196.el7
Low CVE-2019-19126 glibc-common 2.17-196.el7 2.17-317.el7 glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries glibc-common:2.17-196.el7
Low CVE-2017-18267 gobject-introspection 1.50.0-1.el71.56.1-1.el7poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service gobject-introspection:1.50.0-1.el7
Low CVE-2018-10733 gobject-introspection 1.50.0-1.el71.56.1-1.el7libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c gobject-introspection:1.50.0-1.el7
Low CVE-2018-10767 gobject-introspection 1.50.0-1.el71.56.1-1.el7libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c gobject-introspection:1.50.0-1.el7
Low CVE-2018-10768 gobject-introspection 1.50.0-1.el71.56.1-1.el7poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF gobject-introspection:1.50.0-1.el7
Low CVE-2018-13988 gobject-introspection 1.50.0-1.el71.56.1-1.el7poppler: out of bounds read in pdfunite gobject-introspection:1.50.0-1.el7
Low CVE-2018-5729 krb5-libs 1.15.1-8.el71.15.1-34.el7krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data krb5-libs:1.15.1-8.el7
Low CVE-2018-5730 krb5-libs 1.15.1-8.el71.15.1-34.el7krb5: DN container check bypass by supplying special crafted data krb5-libs:1.15.1-8.el7
Low CVE-2018-1000121 libcurl 7.29.0-42.el77.29.0-51.el7curl: LDAP NULL pointer dereference libcurl:7.29.0-42.el7
Low CVE-2018-14618 libcurl 7.29.0-42.el77.29.0-51.el7_6.3curl: NTLM password overflow via integer overflow libcurl:7.29.0-42.el7
Low CVE-2018-16842 libcurl 7.29.0-42.el77.29.0-54.el7curl: Heap-based buffer over-read in the curl tool warning formatting libcurl:7.29.0-42.el7
Low CVE-2019-5436 libcurl 7.29.0-42.el77.29.0-57.el7curl: TFTP receive heap buffer overflow in tftp_receive_packet() function libcurl:7.29.0-42.el7
Low CVE-2017-11671 libgcc 4.8.5-16.el74.8.5-28.el7gcc: GCC generates incorrect code for RDRAND/RDSEED intrinsics libgcc:4.8.5-16.el7
Low CVE-2017-11671 libstdc++ 4.8.5-16.el74.8.5-28.el7gcc: GCC generates incorrect code for RDRAND/RDSEED intrinsics libstdc++:4.8.5-16.el7
Low CVE-2017-18258 libxml2 2.9.1-6.el7_2.32.9.1-6.el7.4libxml2: Unrestricted memory usage in xz_head() function in xzlib.c libxml2:2.9.1-6.el7_2.3
Low CVE-2018-14567 libxml2 2.9.1-6.el7_2.32.9.1-6.el7.4libxml2: Infinite loop caused by incorrect error detection during LZMA decompression libxml2:2.9.1-6.el7_2.3
Low CVE-2017-18258 libxml2-python 2.9.1-6.el7_2.32.9.1-6.el7.4libxml2: Unrestricted memory usage in xz_head() function in xzlib.c libxml2-python:2.9.1-6.el7_2.3
Low CVE-2018-14567 libxml2-python 2.9.1-6.el7_2.32.9.1-6.el7.4libxml2: Infinite loop caused by incorrect error detection during LZMA decompression libxml2-python:2.9.1-6.el7_2.3
Low CVE-2019-11727 nspr 4.13.1-1.0.el7_34.25.0-2.el7_9nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 nspr:4.13.1-1.0.el7_3
Low CVE-2019-17023 nspr 4.13.1-1.0.el7_34.25.0-2.el7_9nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state nspr:4.13.1-1.0.el7_3
Low CVE-2019-11727 nss 3.28.4-8.el73.53.1-3.el7_9nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 nss:3.28.4-8.el7
Low CVE-2019-17023 nss 3.28.4-8.el73.53.1-3.el7_9nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state nss:3.28.4-8.el7
Low CVE-2018-1000121 nss-pem 1.0.3-4.el71.0.3-5.el7curl: LDAP NULL pointer dereference nss-pem:1.0.3-4.el7
Low CVE-2019-11727 nss-softokn 3.28.3-6.el73.53.1-6.el7_9nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 nss-softokn:3.28.3-6.el7
Low CVE-2019-17023 nss-softokn 3.28.3-6.el73.53.1-6.el7_9nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state nss-softokn:3.28.3-6.el7
Low CVE-2019-11727 nss-softokn-freebl 3.28.3-6.el73.53.1-6.el7_9nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 nss-softokn-freebl:3.28.3-6.el7
Low CVE-2019-17023 nss-softokn-freebl 3.28.3-6.el73.53.1-6.el7_9nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state nss-softokn-freebl:3.28.3-6.el7
Low CVE-2019-11727 nss-sysinit 3.28.4-8.el73.53.1-3.el7_9nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 nss-sysinit:3.28.4-8.el7
Low CVE-2019-17023 nss-sysinit 3.28.4-8.el73.53.1-3.el7_9nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state nss-sysinit:3.28.4-8.el7
Low CVE-2019-11727 nss-tools 3.28.4-8.el73.53.1-3.el7_9nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 nss-tools:3.28.4-8.el7
Low CVE-2019-17023 nss-tools 3.28.4-8.el73.53.1-3.el7_9nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state nss-tools:3.28.4-8.el7
Low CVE-2019-11727 nss-util 3.28.4-3.el73.53.1-1.el7_9nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 nss-util:3.28.4-3.el7
Low CVE-2019-17023 nss-util 3.28.4-3.el73.53.1-1.el7_9nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state nss-util:3.28.4-3.el7
Low CVE-2017-3735 openssl-libs 1:1.0.2k-8.el71:1.0.2k-16.el7openssl: Malformed X.509 IPAdressFamily could cause OOB read openssl-libs:1:1.0.2k-8.el7
Low CVE-2017-3738 openssl-libs 1:1.0.2k-8.el71:1.0.2k-12.el7openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 openssl-libs:1:1.0.2k-8.el7
Low CVE-2018-0734 openssl-libs 1:1.0.2k-8.el71:1.0.2k-19.el7openssl: timing side channel attack in the DSA signature algorithm openssl-libs:1:1.0.2k-8.el7
Low CVE-2018-0735 openssl-libs 1:1.0.2k-8.el71:1.0.2k-16.el7_6.1openssl: timing side channel attack in the ECDSA signature generation openssl-libs:1:1.0.2k-8.el7
Low CVE-2018-0737 openssl-libs 1:1.0.2k-8.el71:1.0.2k-16.el7openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys openssl-libs:1:1.0.2k-8.el7
Low CVE-2018-1060 python 2.7.5-58.el72.7.5-76.el7python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib python:2.7.5-58.el7
Low CVE-2018-1060 python-libs 2.7.5-58.el72.7.5-76.el7python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib python-libs:2.7.5-58.el7
Low CVE-2018-1113 setup 2.8.71-7.el72.8.71-10.el7setup: nologin listed in /etc/shells violates security expectations setup:2.8.71-7.el7
Low CVE-2018-16888 systemd 219-42.el7219-67.el7systemd: kills privileged process if unprivileged PIDFile was tampered systemd:219-42.el7
Low CVE-2019-20386 systemd 219-42.el7219-78.el7systemd: memory leak in button_open() in login/logind-button.c when udev events are received systemd:219-42.el7
Low CVE-2019-3815 systemd 219-42.el7219-62.el7_6.3systemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864 systemd:219-42.el7
Low CVE-2018-16888 systemd-libs 219-42.el7219-67.el7systemd: kills privileged process if unprivileged PIDFile was tampered systemd-libs:219-42.el7
Low CVE-2019-20386 systemd-libs 219-42.el7219-78.el7systemd: memory leak in button_open() in login/logind-button.c when udev events are received systemd-libs:219-42.el7
Low CVE-2019-3815 systemd-libs 219-42.el7219-62.el7_6.3systemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864 systemd-libs:219-42.el7
Low CVE-2017-3589 mysql:mysql-connector-java 5.1.255.1.42mysql-connector-java: Connector/J unspecified vulnerability (CPU Apr 2017) mysql:mysql-connector-java:5.1.25
Low CVE-2020-2933 mysql:mysql-connector-java 5.1.255.1.49mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS mysql:mysql-connector-java:5.1.25
Low CVE-2021-34428 org.eclipse.jetty:jetty-server 8.1.14.v201310319.4.40.v20210413, 10.0.3, 11.0.3jetty: SessionListener can prevent a session from being invalidated breaking logout org.eclipse.jetty:jetty-server:8.1.14.v20131031

Command

ADD file:d6a1da927f0b7a710092fca7e3f021d2757fa3006cdbda3fe0898114832eda9b in /
Vulnerable packages, installed in this layer 6 years ago
nss 3.28.4-8.el7 nss-sysinit 3.28.4-8.el7 nss-tools 3.28.4-8.el7 bind-license 32:9.9.4-50.el7 cyrus-sasl-lib 2.1.26-21.el7 dbus 1:1.6.12-17.el7 dbus-libs 1:1.6.12-17.el7 dracut 033-502.el7 expat 2.1.0-10.el7_3 glib2 2.50.3-3.el7 gnupg2 2.0.22-4.el7 gzip 1.5-9.el7 libssh2 1.4.3-10.el7_2.1 nss-softokn 3.28.3-6.el7 nss-softokn-freebl 3.28.3-6.el7 nss-util 3.28.4-3.el7 openssl-libs 1:1.0.2k-8.el7 procps-ng 3.3.10-16.el7 python 2.7.5-58.el7 python-libs 2.7.5-58.el7

Command

LABEL name=CentOS Base Image vendor=CentOS license=GPLv2 build-date=20170911

Command

CMD ["/bin/bash"]

Command

MAINTAINER wolv "284530332@qq.com"

Command

ADD dir:520fec6ada9e714f8fd50718cf76b33a0c7b3556b202e47a0346dcfa550753aa in /opt/jdk1.7.0_80
Vulnerable packages, installed in this layer 6 years ago
org.eclipse.jetty:jetty-server 8.1.14.v20131031 org.eclipse.jetty:jetty-http 8.1.14.v20131031 org.eclipse.jetty:jetty-io 8.1.14.v20131031 org.eclipse.jetty:jetty-util 8.1.14.v20131031

Command

ADD dir:2d940afb8f4631d04840f17812793bbc0ad31f4477e93ee5ff5ed54981bcfeb2 in /opt/apache-tomcat
Vulnerable package, installed in this layer 6 years ago
mysql:mysql-connector-java 5.1.25

Command

ENV JAVA_HOME=/opt/jdk1.7.0_80

Command

ENV CATALINA_HOME=/opt/apache-tomcat

Command

ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/jdk1.7.0_80/bin:/opt/apache-tomcat/bin

Command

EXPOSE 8080/tcp 8443/tcp 9004/tcp

Command

ENTRYPOINT ["/bin/sh" "-c" "/opt/apache-tomcat/bin/catalina.sh run"]
Dynamic Analysis Results
The following graph outlines the most important system events generated by the container:
The container starts a service that renders the following contents over port 8080:
The container produces the following text output: