frozenfox/tomcat
Region: us-east-2

Scan Summary
Critical vulnerabilities: 5
Malicious files: 1
Last scan: 1 year, 10 months ago
Type of scan: Prevasio CSPM
Scan duration: 5 minutes and 21 seconds

Image Details
Image URI: frozenfox/tomcat
Image tags: wolv
Digest: —
Created: 6 years ago
Compressed size: 228.92 MB
Uncompressed size: 501.38 MB
OS/architecture: linux/amd64
OS distribution: centos 7.4.1708
Working directory: —
ENTRYPOINT: /bin/sh -c /opt/apache-tomcat/bin/catalina.sh run
CMD: —
User: —
Ports: 8080/tcp, 8443/tcp, 9004/tcp
Volumes: —
Environment variables:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/jdk1.7.0_80/bin:/opt/apache-tomcat/bin
JAVA_HOME=/opt/jdk1.7.0_80
CATALINA_HOME=/opt/apache-tomcat

Filename | File Size | SHA 256 | Threat Name | Report |
---|---|---|---|---|
/opt/apache-tomcat/bin/tomcat7w.exe | 447.47 kB | 082db3b37da8b1be66eb57d2ce512477493de356897ea638ab75364da3288f39 | Win.Adware.LoadMoney-3644756-1 | VirusTotal |

Overview
Critical: 5
High: 64
Medium: 258
Low: 115
Informational: 0

Vulnerabilities (442)
Severity | Name | Package | Version | Fixed in | Description | Package:version |
---|---|---|---|---|---|---|
Critical | CVE-2021-43527 | nss | 3.28.4-8.el7 | 3.67.0-4.el7_9 | nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) | nss:3.28.4-8.el7 |
Critical | CVE-2021-43527 | nss-sysinit | 3.28.4-8.el7 | 3.67.0-4.el7_9 | nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) | nss-sysinit:3.28.4-8.el7 |
Critical | CVE-2021-43527 | nss-tools | 3.28.4-8.el7 | 3.67.0-4.el7_9 | nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) | nss-tools:3.28.4-8.el7 |
Critical | CVE-2017-7657 | org.eclipse.jetty:jetty-server | 8.1.14.v20131031 | 9.2.25.v20180606, 9.3.24.v20180605 | jetty: HTTP request smuggling | org.eclipse.jetty:jetty-server:8.1.14.v20131031 |
Critical | CVE-2017-7658 | org.eclipse.jetty:jetty-server | 8.1.14.v20131031 | 9.2.26.v20180806, 9.3.24.v20180605, 9.4.11.v20180605 | jetty: Incorrect header handling | org.eclipse.jetty:jetty-server:8.1.14.v20131031 |
High | CVE-2017-3143 | bind-license | 32:9.9.4-50.el7 | 32:9.9.4-50.el7_3.1 | bind: An error in TSIG authentication can permit unauthorized dynamic updates | bind-license:32:9.9.4-50.el7 |
High | CVE-2017-3145 | bind-license | 32:9.9.4-50.el7 | 32:9.9.4-51.el7_4.2 | bind: Improper fetch cleanup sequencing in the resolver can cause named to crash | bind-license:32:9.9.4-50.el7 |
High | CVE-2018-5740 | bind-license | 32:9.9.4-50.el7 | 32:9.9.4-61.el7_5.1 | bind: processing of certain records when "deny-answer-aliases" is in use may trigger an assert leading to a denial of service | bind-license:32:9.9.4-50.el7 |
High | CVE-2018-5743 | bind-license | 32:9.9.4-50.el7 | 32:9.9.4-74.el7_6.1 | bind: Limiting simultaneous TCP clients is ineffective | bind-license:32:9.9.4-50.el7 |
High | CVE-2020-8616 | bind-license | 32:9.9.4-50.el7 | 32:9.11.4-16.P2.el7_8.6 | bind: BIND does not sufficiently limit the number of fetches performed when processing referrals | bind-license:32:9.9.4-50.el7 |
High | CVE-2020-8617 | bind-license | 32:9.9.4-50.el7 | 32:9.11.4-16.P2.el7_8.6 | bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c | bind-license:32:9.9.4-50.el7 |
High | CVE-2020-8625 | bind-license | 32:9.9.4-50.el7 | 32:9.11.4-26.P2.el7_9.4 | bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation | bind-license:32:9.9.4-50.el7 |
High | CVE-2021-25215 | bind-license | 32:9.9.4-50.el7 | 32:9.11.4-26.P2.el7_9.5 | bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself | bind-license:32:9.9.4-50.el7 |
High | CVE-2022-24407 | cyrus-sasl-lib | 2.1.26-21.el7 | 2.1.26-24.el7_9 | cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands | cyrus-sasl-lib:2.1.26-21.el7 |
High | CVE-2020-12049 | dbus | 1:1.6.12-17.el7 | 1:1.10.24-14.el7_8 | dbus: denial of service via file descriptor leak | dbus:1:1.6.12-17.el7 |
High | CVE-2020-12049 | dbus-libs | 1:1.6.12-17.el7 | 1:1.10.24-14.el7_8 | dbus: denial of service via file descriptor leak | dbus-libs:1:1.6.12-17.el7 |
High | CVE-2017-5715 | dracut | 033-502.el7 | 033-502.el7_4.1 | hw: cpu: speculative execution branch target injection | dracut:033-502.el7 |
High | CVE-2022-25235 | expat | 2.1.0-10.el7_3 | 2.1.0-14.el7_9 | expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution | expat:2.1.0-10.el7_3 |
High | CVE-2022-25236 | expat | 2.1.0-10.el7_3 | 2.1.0-14.el7_9 | expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution | expat:2.1.0-10.el7_3 |
High | CVE-2022-25315 | expat | 2.1.0-10.el7_3 | 2.1.0-14.el7_9 | expat: Integer overflow in storeRawNames() | expat:2.1.0-10.el7_3 |
High | CVE-2021-27219 | glib2 | 2.50.3-3.el7 | 2.56.1-9.el7_9 | glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits | glib2:2.50.3-3.el7 |
High | CVE-2018-12020 | gnupg2 | 2.0.22-4.el7 | 2.0.22-5.el7_5 | gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification | gnupg2:2.0.22-4.el7 |
High | CVE-2022-1271 | gzip | 1.5-9.el7 | 1.5-11.el7_9 | gzip: arbitrary-file-write vulnerability | gzip:1.5-9.el7 |
High | CVE-2019-3855 | libssh2 | 1.4.3-10.el7_2.1 | 1.4.3-12.el7_6.2 | libssh2: Integer overflow in transport read resulting in out of bounds write | libssh2:1.4.3-10.el7_2.1 |
High | CVE-2019-3856 | libssh2 | 1.4.3-10.el7_2.1 | 1.4.3-12.el7_6.2 | libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write | libssh2:1.4.3-10.el7_2.1 |
High | CVE-2019-3857 | libssh2 | 1.4.3-10.el7_2.1 | 1.4.3-12.el7_6.2 | libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write | libssh2:1.4.3-10.el7_2.1 |
High | CVE-2019-3863 | libssh2 | 1.4.3-10.el7_2.1 | 1.4.3-12.el7_6.2 | libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes | libssh2:1.4.3-10.el7_2.1 |
High | CVE-2017-7805 | nss | 3.28.4-8.el7 | 3.28.4-12.el7_4 | nss: Potential use-after-free in TLS 1.2 server when verifying client authentication | nss:3.28.4-8.el7 |
High | CVE-2019-11745 | nss | 3.28.4-8.el7 | 3.44.0-7.el7_7 | nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate | nss:3.28.4-8.el7 |
High | CVE-2019-11745 | nss-softokn | 3.28.3-6.el7 | 3.44.0-8.el7_7 | nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate | nss-softokn:3.28.3-6.el7 |
High | CVE-2019-11745 | nss-softokn-freebl | 3.28.3-6.el7 | 3.44.0-8.el7_7 | nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate | nss-softokn-freebl:3.28.3-6.el7 |
High | CVE-2017-7805 | nss-sysinit | 3.28.4-8.el7 | 3.28.4-12.el7_4 | nss: Potential use-after-free in TLS 1.2 server when verifying client authentication | nss-sysinit:3.28.4-8.el7 |
High | CVE-2019-11745 | nss-sysinit | 3.28.4-8.el7 | 3.44.0-7.el7_7 | nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate | nss-sysinit:3.28.4-8.el7 |
High | CVE-2017-7805 | nss-tools | 3.28.4-8.el7 | 3.28.4-12.el7_4 | nss: Potential use-after-free in TLS 1.2 server when verifying client authentication | nss-tools:3.28.4-8.el7 |
High | CVE-2019-11745 | nss-tools | 3.28.4-8.el7 | 3.44.0-7.el7_7 | nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate | nss-tools:3.28.4-8.el7 |
High | CVE-2019-11745 | nss-util | 3.28.4-3.el7 | 3.44.0-4.el7_7 | nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate | nss-util:3.28.4-3.el7 |
High | CVE-2020-1971 | openssl-libs | 1:1.0.2k-8.el7 | 1:1.0.2k-21.el7_9 | openssl: EDIPARTYNAME NULL pointer de-reference | openssl-libs:1:1.0.2k-8.el7 |
High | CVE-2022-0778 | openssl-libs | 1:1.0.2k-8.el7 | 1:1.0.2k-25.el7_9 | openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates | openssl-libs:1:1.0.2k-8.el7 |
High | CVE-2018-1124 | procps-ng | 3.3.10-16.el7 | 3.3.10-17.el7_5.2 | procps-ng, procps: Integer overflows leading to heap overflow in file2strvec | procps-ng:3.3.10-16.el7 |
High | CVE-2019-10160 | python | 2.7.5-58.el7 | 2.7.5-80.el7_6 | python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc | python:2.7.5-58.el7 |
High | CVE-2019-9636 | python | 2.7.5-58.el7 | 2.7.5-77.el7_6 | python: Information Disclosure due to urlsplit improper NFKC normalization | python:2.7.5-58.el7 |
High | CVE-2019-10160 | python-libs | 2.7.5-58.el7 | 2.7.5-80.el7_6 | python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc | python-libs:2.7.5-58.el7 |
High | CVE-2019-9636 | python-libs | 2.7.5-58.el7 | 2.7.5-77.el7_6 | python: Information Disclosure due to urlsplit improper NFKC normalization | python-libs:2.7.5-58.el7 |
High | CVE-2019-13734 | sqlite | 3.7.17-8.el7 | 3.7.17-8.el7_7.1 | sqlite: fts3: improve shadow table corruption detection | sqlite:3.7.17-8.el7 |
High | CVE-2018-15688 | systemd | 219-42.el7 | 219-62.el7_6.2 | systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling | systemd:219-42.el7 |
High | CVE-2018-16864 | systemd | 219-42.el7 | 219-62.el7_6.2 | systemd: stack overflow when calling syslog from a command with long cmdline | systemd:219-42.el7 |
High | CVE-2018-16865 | systemd | 219-42.el7 | 219-62.el7_6.2 | systemd: stack overflow when receiving many journald entries | systemd:219-42.el7 |
High | CVE-2019-6454 | systemd | 219-42.el7 | 219-62.el7_6.5 | systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash | systemd:219-42.el7 |
High | CVE-2018-15688 | systemd-libs | 219-42.el7 | 219-62.el7_6.2 | systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling | systemd-libs:219-42.el7 |
High | CVE-2018-16864 | systemd-libs | 219-42.el7 | 219-62.el7_6.2 | systemd: stack overflow when calling syslog from a command with long cmdline | systemd-libs:219-42.el7 |
High | CVE-2018-16865 | systemd-libs | 219-42.el7 | 219-62.el7_6.2 | systemd: stack overflow when receiving many journald entries | systemd-libs:219-42.el7 |
High | CVE-2019-6454 | systemd-libs | 219-42.el7 | 219-62.el7_6.5 | systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash | systemd-libs:219-42.el7 |
High | CVE-2019-12735 | vim-minimal | 2:7.4.160-2.el7 | 2:7.4.160-6.el7_6 | vim/neovim: ':source!' command allows arbitrary command execution via modelines | vim-minimal:2:7.4.160-2.el7 |
High | CVE-2018-10897 | yum-plugin-fastestmirror | 1.1.31-42.el7 | 1.1.31-46.el7_5 | yum-utils: reposync: improper path validation may lead to directory traversal | yum-plugin-fastestmirror:1.1.31-42.el7 |
High | CVE-2018-10897 | yum-plugin-ovl | 1.1.31-42.el7 | 1.1.31-46.el7_5 | yum-utils: reposync: improper path validation may lead to directory traversal | yum-plugin-ovl:1.1.31-42.el7 |
High | CVE-2018-10897 | yum-utils | 1.1.31-42.el7 | 1.1.31-46.el7_5 | yum-utils: reposync: improper path validation may lead to directory traversal | yum-utils:1.1.31-42.el7 |
High | CVE-2018-25032 | zlib | 1.2.7-17.el7 | 1.2.7-20.el7_9 | zlib: A flaw found in zlib when compressing (not decompressing) certain inputs | zlib:1.2.7-17.el7 |
High | CVE-2017-3523 | mysql:mysql-connector-java | 5.1.25 | 5.1.41 | mysql-connector-java: Improper automatic deserialization of binary data (CPU Apr 2017) | mysql:mysql-connector-java:5.1.25 |
High | CVE-2018-3258 | mysql:mysql-connector-java | 5.1.25 | 8.0.13 | mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) | mysql:mysql-connector-java:5.1.25 |
High | CVE-2020-27216 | org.eclipse.jetty:jetty-http | 8.1.14.v20131031 | 9.4.33.v20201020, 10.0.0.beta3, 11.0.0.beta3 | jetty: local temporary directory hijacking vulnerability | org.eclipse.jetty:jetty-http:8.1.14.v20131031 |
High | CVE-2021-28165 | org.eclipse.jetty:jetty-http | 8.1.14.v20131031 | 9.4.39.v20210325, 10.0.2, 11.0.2 | jetty: Resource exhaustion when receiving an invalid large TLS frame | org.eclipse.jetty:jetty-http:8.1.14.v20131031 |
High | CVE-2021-28165 | org.eclipse.jetty:jetty-io | 8.1.14.v20131031 | 9.4.39.v20210325, 10.0.2, 11.0.2 | jetty: Resource exhaustion when receiving an invalid large TLS frame | org.eclipse.jetty:jetty-io:8.1.14.v20131031 |
High | CVE-2015-2080 | org.eclipse.jetty:jetty-server | 8.1.14.v20131031 | 9.2.9.v20150224 | jetty: remote unauthenticated credential exposure | org.eclipse.jetty:jetty-server:8.1.14.v20131031 |
High | CVE-2017-7656 | org.eclipse.jetty:jetty-server | 8.1.14.v20131031 | 9.2.26.v20180806, 9.3.24.v20180605, 9.4.11.v20180605 | jetty: HTTP request smuggling using the range header | org.eclipse.jetty:jetty-server:8.1.14.v20131031 |
High | CVE-2020-27216 | org.eclipse.jetty:jetty-server | 8.1.14.v20131031 | 9.4.33.v20201020, 10.0.0.beta3, 11.0.0.beta3 | jetty: local temporary directory hijacking vulnerability | org.eclipse.jetty:jetty-server:8.1.14.v20131031 |
High | CVE-2021-28165 | org.eclipse.jetty:jetty-server | 8.1.14.v20131031 | 9.4.39.v20210325, 10.0.2, 11.0.2 | jetty: Resource exhaustion when receiving an invalid large TLS frame | org.eclipse.jetty:jetty-server:8.1.14.v20131031 |
High | CVE-2017-9735 | org.eclipse.jetty:jetty-util | 8.1.14.v20131031 | 9.4.6.v20170531 | jetty: Timing channel attack in util/security/Password.java | org.eclipse.jetty:jetty-util:8.1.14.v20131031 |
High | CVE-2020-27216 | org.eclipse.jetty:jetty-util | 8.1.14.v20131031 | 9.4.33.v20201020, 10.0.0.beta3, 11.0.0.beta3 | jetty: local temporary directory hijacking vulnerability | org.eclipse.jetty:jetty-util:8.1.14.v20131031 |
High | CVE-2021-28165 | org.eclipse.jetty:jetty-util | 8.1.14.v20131031 | 9.4.39.v20210325, 10.0.2, 11.0.2 | jetty: Resource exhaustion when receiving an invalid large TLS frame | org.eclipse.jetty:jetty-util:8.1.14.v20131031 |
Medium | CVE-2019-9924 | bash | 4.2.46-28.el7 | 4.2.46-34.el7 | bash: BASH_CMD is writable in restricted bash shells | bash:4.2.46-28.el7 |
Medium | CVE-2017-3142 | bind-license | 32:9.9.4-50.el7 | 32:9.9.4-50.el7_3.1 | bind: An error in TSIG authentication can permit unauthorized zone transfers | bind-license:32:9.9.4-50.el7 |
Medium | CVE-2018-5741 | bind-license | 32:9.9.4-50.el7 | 32:9.11.4-9.P2.el7 | bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies | bind-license:32:9.9.4-50.el7 |
Medium | CVE-2018-5742 | bind-license | 32:9.9.4-50.el7 | 32:9.9.4-73.el7_6 | bind: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary | bind-license:32:9.9.4-50.el7 |
Medium | CVE-2019-6477 | bind-license | 32:9.9.4-50.el7 | 32:9.11.4-16.P2.el7 | bind: TCP Pipelining doesn't limit TCP clients on a single connection | bind-license:32:9.9.4-50.el7 |
Medium | CVE-2020-8622 | bind-license | 32:9.9.4-50.el7 | 32:9.11.4-26.P2.el7_9.2 | bind: truncated TSIG response can lead to an assertion failure | bind-license:32:9.9.4-50.el7 |
Medium | CVE-2020-8623 | bind-license | 32:9.9.4-50.el7 | 32:9.11.4-26.P2.el7_9.2 | bind: remotely triggerable assertion failure in pk11.c | bind-license:32:9.9.4-50.el7 |
Medium | CVE-2020-8624 | bind-license | 32:9.9.4-50.el7 | 32:9.11.4-26.P2.el7_9.2 | bind: incorrect enforcement of update-policy rules of type "subdomain" | bind-license:32:9.9.4-50.el7 |
Medium | CVE-2021-25214 | bind-license | 32:9.9.4-50.el7 | 32:9.11.4-26.P2.el7_9.7 | bind: Broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly | bind-license:32:9.9.4-50.el7 |
Medium | CVE-2018-1000876 | binutils | 2.25.1-31.base.el7 | 2.27-41.base.el7 | binutils: integer overflow leads to heap-based buffer overflow in objdump | binutils:2.25.1-31.base.el7 |
Medium | CVE-2021-42574 | binutils | 2.25.1-31.base.el7 | 2.27-44.base.el7_9.1 | Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks | binutils:2.25.1-31.base.el7 |
Medium | CVE-2019-14866 | cpio | 2.11-24.el7 | 2.11-28.el7 | cpio: improper input validation when writing tar header fields leads to unexpected tar generation | cpio:2.11-24.el7 |
Medium | CVE-2017-1000257 | curl | 7.29.0-42.el7 | 7.29.0-42.el7_4.1 | curl: IMAP FETCH response out of bounds read | curl:7.29.0-42.el7 |
Medium | CVE-2018-1000007 | curl | 7.29.0-42.el7 | 7.29.0-51.el7 | curl: HTTP authentication leak in redirects | curl:7.29.0-42.el7 |
Medium | CVE-2018-1000120 | curl | 7.29.0-42.el7 | 7.29.0-51.el7 | curl: FTP path trickery leads to NIL byte out of bounds write | curl:7.29.0-42.el7 |
Medium | CVE-2018-1000122 | curl | 7.29.0-42.el7 | 7.29.0-51.el7 | curl: RTSP RTP buffer over-read | curl:7.29.0-42.el7 |
Medium | CVE-2018-1000301 | curl | 7.29.0-42.el7 | 7.29.0-51.el7 | curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service | curl:7.29.0-42.el7 |
Medium | CVE-2019-5482 | curl | 7.29.0-42.el7 | 7.29.0-59.el7 | curl: heap buffer overflow in function tftp_receive_packet() | curl:7.29.0-42.el7 |
Medium | CVE-2020-8177 | curl | 7.29.0-42.el7 | 7.29.0-59.el7_9.1 | curl: Incorrect argument check can allow remote servers to overwrite local files | curl:7.29.0-42.el7 |
Medium | CVE-2019-12749 | dbus | 1:1.6.12-17.el7 | 1:1.10.24-15.el7 | dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass | dbus:1:1.6.12-17.el7 |
Medium | CVE-2019-12749 | dbus-libs | 1:1.6.12-17.el7 | 1:1.10.24-15.el7 | dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass | dbus-libs:1:1.6.12-17.el7 |
Medium | CVE-2015-2716 | expat | 2.1.0-10.el7_3 | 2.1.0-11.el7 | expat: Integer overflow leading to buffer overflow in XML_GetBuffer() | expat:2.1.0-10.el7_3 |
Medium | CVE-2018-20843 | expat | 2.1.0-10.el7_3 | 2.1.0-12.el7 | expat: large number of colons in input makes parser consume high amount of resources, leading to DoS | expat:2.1.0-10.el7_3 |
Medium | CVE-2021-45960 | expat | 2.1.0-10.el7_3 | 2.1.0-14.el7_9 | expat: Large number of prefixed XML attributes on a single tag can crash libexpat | expat:2.1.0-10.el7_3 |
Medium | CVE-2021-46143 | expat | 2.1.0-10.el7_3 | 2.1.0-14.el7_9 | expat: Integer overflow in doProlog in xmlparse.c | expat:2.1.0-10.el7_3 |
Medium | CVE-2022-22822 | expat | 2.1.0-10.el7_3 | 2.1.0-14.el7_9 | expat: Integer overflow in addBinding in xmlparse.c | expat:2.1.0-10.el7_3 |
Medium | CVE-2022-22823 | expat | 2.1.0-10.el7_3 | 2.1.0-14.el7_9 | expat: Integer overflow in build_model in xmlparse.c | expat:2.1.0-10.el7_3 |
Medium | CVE-2022-22824 | expat | 2.1.0-10.el7_3 | 2.1.0-14.el7_9 | expat: Integer overflow in defineAttribute in xmlparse.c | expat:2.1.0-10.el7_3 |
Medium | CVE-2022-22825 | expat | 2.1.0-10.el7_3 | 2.1.0-14.el7_9 | expat: Integer overflow in lookup in xmlparse.c | expat:2.1.0-10.el7_3 |
Medium | CVE-2022-22826 | expat | 2.1.0-10.el7_3 | 2.1.0-14.el7_9 | expat: Integer overflow in nextScaffoldPart in xmlparse.c | expat:2.1.0-10.el7_3 |
Medium | CVE-2022-22827 | expat | 2.1.0-10.el7_3 | 2.1.0-14.el7_9 | expat: Integer overflow in storeAtts in xmlparse.c | expat:2.1.0-10.el7_3 |
Medium | CVE-2022-23852 | expat | 2.1.0-10.el7_3 | 2.1.0-14.el7_9 | expat: Integer overflow in function XML_GetBuffer | expat:2.1.0-10.el7_3 |
Medium | CVE-2015-9381 | glib2 | 2.50.3-3.el7 | 2.56.1-2.el7 | freetype: a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c leading to crash | glib2:2.50.3-3.el7 |
Medium | CVE-2015-9382 | glib2 | 2.50.3-3.el7 | 2.56.1-2.el7 | freetype: mishandling ps_parser_skip_PS_token in an FT_New_Memory_Face operation in skip_comment, psaux/psobjs.c, leads to a buffer over-read | glib2:2.50.3-3.el7 |
Medium | CVE-2017-2862 | glib2 | 2.50.3-3.el7 | 2.56.1-2.el7 | gdk-pixbuf2: Heap overflow in the gdk_pixbuf__jpeg_image_load_increment function | glib2:2.50.3-3.el7 |
Medium | CVE-2018-11712 | glib2 | 2.50.3-3.el7 | 2.56.1-2.el7 | webkitgtk: Improper TLS certificate verification for WebSocket connections | glib2:2.50.3-3.el7 |
Medium | CVE-2018-11713 | glib2 | 2.50.3-3.el7 | 2.56.1-2.el7 | webkitgtk: WebSockets don't use system proxy settings | glib2:2.50.3-3.el7 |
Medium | CVE-2018-12910 | glib2 | 2.50.3-3.el7 | 2.56.1-2.el7 | libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames | glib2:2.50.3-3.el7 |
Medium | CVE-2018-14036 | glib2 | 2.50.3-3.el7 | 2.56.1-2.el7 | accountsservice: insufficient path check in user_change_icon_file_authorized_cb() in user.c | glib2:2.50.3-3.el7 |
Medium | CVE-2018-4121 | glib2 | 2.50.3-3.el7 | 2.56.1-2.el7 | webkitgtk: memory corruption processing maliciously crafted web content | glib2:2.50.3-3.el7 |
Medium | CVE-2018-4200 | glib2 | 2.50.3-3.el7 | 2.56.1-2.el7 | webkitgtk: memory corruption processing maliciously crafted web content | glib2:2.50.3-3.el7 |
Medium | CVE-2018-4204 | glib2 | 2.50.3-3.el7 | 2.56.1-2.el7 | webkitgtk: memory corruption processing maliciously crafted web content | glib2:2.50.3-3.el7 |
Medium | CVE-2019-12450 | glib2 | 2.50.3-3.el7 | 2.56.1-7.el7 | glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress | glib2:2.50.3-3.el7 |
Medium | CVE-2019-14822 | glib2 | 2.50.3-3.el7 | 2.56.1-7.el7 | ibus: missing authorization allows local attacker to access the input bus of another user | glib2:2.50.3-3.el7 |
Medium | CVE-2016-10739 | glibc | 2.17-196.el7 | 2.17-292.el7 | glibc: getaddrinfo should reject IP addresses with trailing characters | glibc:2.17-196.el7 |
Medium | CVE-2017-15670 | glibc | 2.17-196.el7 | 2.17-222.el7 | glibc: Buffer overflow in glob with GLOB_TILDE | glibc:2.17-196.el7 |
Medium | CVE-2017-15804 | glibc | 2.17-196.el7 | 2.17-222.el7 | glibc: Buffer overflow during unescaping of user names with the ~ operator | glibc:2.17-196.el7 |
Medium | CVE-2017-16997 | glibc | 2.17-196.el7 | 2.17-260.el7 | glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries | glibc:2.17-196.el7 |
Medium | CVE-2018-1000001 | glibc | 2.17-196.el7 | 2.17-222.el7 | glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation | glibc:2.17-196.el7 |
Medium | CVE-2018-11236 | glibc | 2.17-196.el7 | 2.17-260.el7 | glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow | glibc:2.17-196.el7 |
Medium | CVE-2018-11237 | glibc | 2.17-196.el7 | 2.17-260.el7 | glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper | glibc:2.17-196.el7 |
Medium | CVE-2018-6485 | glibc | 2.17-196.el7 | 2.17-260.el7 | glibc: Integer overflow in posix_memalign in memalign functions | glibc:2.17-196.el7 |
Medium | CVE-2019-25013 | glibc | 2.17-196.el7 | 2.17-322.el7_9 | glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding | glibc:2.17-196.el7 |
Medium | CVE-2020-10029 | glibc | 2.17-196.el7 | 2.17-322.el7_9 | glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions | glibc:2.17-196.el7 |
Medium | CVE-2020-29573 | glibc | 2.17-196.el7 | 2.17-322.el7_9 | glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern | glibc:2.17-196.el7 |
Medium | CVE-2016-10739 | glibc-common | 2.17-196.el7 | 2.17-292.el7 | glibc: getaddrinfo should reject IP addresses with trailing characters | glibc-common:2.17-196.el7 |
Medium | CVE-2017-15670 | glibc-common | 2.17-196.el7 | 2.17-222.el7 | glibc: Buffer overflow in glob with GLOB_TILDE | glibc-common:2.17-196.el7 |
Medium | CVE-2017-15804 | glibc-common | 2.17-196.el7 | 2.17-222.el7 | glibc: Buffer overflow during unescaping of user names with the ~ operator | glibc-common:2.17-196.el7 |
Medium | CVE-2017-16997 | glibc-common | 2.17-196.el7 | 2.17-260.el7 | glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries | glibc-common:2.17-196.el7 |
Medium | CVE-2018-1000001 | glibc-common | 2.17-196.el7 | 2.17-222.el7 | glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation | glibc-common:2.17-196.el7 |
Medium | CVE-2018-11236 | glibc-common | 2.17-196.el7 | 2.17-260.el7 | glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow | glibc-common:2.17-196.el7 |
Medium | CVE-2018-11237 | glibc-common | 2.17-196.el7 | 2.17-260.el7 | glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper | glibc-common:2.17-196.el7 |
Medium | CVE-2018-6485 | glibc-common | 2.17-196.el7 | 2.17-260.el7 | glibc: Integer overflow in posix_memalign in memalign functions | glibc-common:2.17-196.el7 |
Medium | CVE-2019-25013 | glibc-common | 2.17-196.el7 | 2.17-322.el7_9 | glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding | glibc-common:2.17-196.el7 |
Medium | CVE-2020-10029 | glibc-common | 2.17-196.el7 | 2.17-322.el7_9 | glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions | glibc-common:2.17-196.el7 |
Medium | CVE-2020-29573 | glibc-common | 2.17-196.el7 | 2.17-322.el7_9 | glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern | glibc-common:2.17-196.el7 |
Medium | CVE-2015-9381 | gobject-introspection | 1.50.0-1.el7 | 1.56.1-1.el7 | freetype: a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c leading to crash | gobject-introspection:1.50.0-1.el7 |
Medium | CVE-2015-9382 | gobject-introspection | 1.50.0-1.el7 | 1.56.1-1.el7 | freetype: mishandling ps_parser_skip_PS_token in an FT_New_Memory_Face operation in skip_comment, psaux/psobjs.c, leads to a buffer over-read | gobject-introspection:1.50.0-1.el7 |
Medium | CVE-2017-2862 | gobject-introspection | 1.50.0-1.el7 | 1.56.1-1.el7 | gdk-pixbuf2: Heap overflow in the gdk_pixbuf__jpeg_image_load_increment function | gobject-introspection:1.50.0-1.el7 |
Medium | CVE-2018-11712 | gobject-introspection | 1.50.0-1.el7 | 1.56.1-1.el7 | webkitgtk: Improper TLS certificate verification for WebSocket connections | gobject-introspection:1.50.0-1.el7 |
Medium | CVE-2018-11713 | gobject-introspection | 1.50.0-1.el7 | 1.56.1-1.el7 | webkitgtk: WebSockets don't use system proxy settings | gobject-introspection:1.50.0-1.el7 |
Medium | CVE-2018-12910 | gobject-introspection | 1.50.0-1.el7 | 1.56.1-1.el7 | libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames | gobject-introspection:1.50.0-1.el7 |
Medium | CVE-2018-14036 | gobject-introspection | 1.50.0-1.el7 | 1.56.1-1.el7 | accountsservice: insufficient path check in user_change_icon_file_authorized_cb() in user.c | gobject-introspection:1.50.0-1.el7 |
Medium | CVE-2018-4121 | gobject-introspection | 1.50.0-1.el7 | 1.56.1-1.el7 | webkitgtk: memory corruption processing maliciously crafted web content | gobject-introspection:1.50.0-1.el7 |
Medium | CVE-2018-4200 | gobject-introspection | 1.50.0-1.el7 | 1.56.1-1.el7 | webkitgtk: memory corruption processing maliciously crafted web content | gobject-introspection:1.50.0-1.el7 |
Medium | CVE-2018-4204 | gobject-introspection | 1.50.0-1.el7 | 1.56.1-1.el7 | webkitgtk: memory corruption processing maliciously crafted web content | gobject-introspection:1.50.0-1.el7 |
Medium | CVE-2017-11368 | krb5-libs | 1.15.1-8.el7 | 1.15.1-18.el7 | krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure | krb5-libs:1.15.1-8.el7 |
Medium | CVE-2017-7562 | krb5-libs | 1.15.1-8.el7 | 1.15.1-18.el7 | krb5: Authentication bypass by improper validation of certificate EKU and SAN | krb5-libs:1.15.1-8.el7 |
Medium | CVE-2018-20217 | krb5-libs | 1.15.1-8.el7 | 1.15.1-37.el7_7.2 | krb5: Reachable assertion in the KDC using S4U2Self requests | krb5-libs:1.15.1-8.el7 |
Medium | CVE-2021-37750 | krb5-libs | 1.15.1-8.el7 | 1.15.1-51.el7_9 | krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field | krb5-libs:1.15.1-8.el7 |
Medium | CVE-2019-5094 | libcom_err | 1.42.9-10.el7 | 1.42.9-19.el7 | e2fsprogs: Crafted ext4 partition leads to out-of-bounds write | libcom_err:1.42.9-10.el7 |
Medium | CVE-2019-5188 | libcom_err | 1.42.9-10.el7 | 1.42.9-19.el7 | e2fsprogs: Out-of-bounds write in e2fsck/rehash.c | libcom_err:1.42.9-10.el7 |
Medium | CVE-2017-1000257 | libcurl | 7.29.0-42.el7 | 7.29.0-42.el7_4.1 | curl: IMAP FETCH response out of bounds read | libcurl:7.29.0-42.el7 |
Medium | CVE-2018-1000007 | libcurl | 7.29.0-42.el7 | 7.29.0-51.el7 | curl: HTTP authentication leak in redirects | libcurl:7.29.0-42.el7 |
Medium | CVE-2018-1000120 | libcurl | 7.29.0-42.el7 | 7.29.0-51.el7 | curl: FTP path trickery leads to NIL byte out of bounds write | libcurl:7.29.0-42.el7 |
Medium | CVE-2018-1000122 | libcurl | 7.29.0-42.el7 | 7.29.0-51.el7 | curl: RTSP RTP buffer over-read | libcurl:7.29.0-42.el7 |
Medium | CVE-2018-1000301 | libcurl | 7.29.0-42.el7 | 7.29.0-51.el7 | curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service | libcurl:7.29.0-42.el7 |
Medium | CVE-2019-5482 | libcurl | 7.29.0-42.el7 | 7.29.0-59.el7 | curl: heap buffer overflow in function tftp_receive_packet() | libcurl:7.29.0-42.el7 |
Medium | CVE-2020-8177 | libcurl | 7.29.0-42.el7 | 7.29.0-59.el7_9.1 | curl: Incorrect argument check can allow remote servers to overwrite local files | libcurl:7.29.0-42.el7 |
Medium | CVE-2019-5094 | libss | 1.42.9-10.el7 | 1.42.9-19.el7 | e2fsprogs: Crafted ext4 partition leads to out-of-bounds write | libss:1.42.9-10.el7 |
Medium | CVE-2019-5188 | libss | 1.42.9-10.el7 | 1.42.9-19.el7 | e2fsprogs: Out-of-bounds write in e2fsck/rehash.c | libss:1.42.9-10.el7 |
Medium | CVE-2019-17498 | libssh2 | 1.4.3-10.el7_2.1 | 1.8.0-4.el7 | libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c | libssh2:1.4.3-10.el7_2.1 |
Medium | CVE-2019-3858 | libssh2 | 1.4.3-10.el7_2.1 | 1.8.0-3.el7 | libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read | libssh2:1.4.3-10.el7_2.1 |
Medium | CVE-2019-3861 | libssh2 | 1.4.3-10.el7_2.1 | 1.8.0-3.el7 | libssh2: Out-of-bounds reads with specially crafted SSH packets | libssh2:1.4.3-10.el7_2.1 |
Medium | CVE-2019-3862 | libssh2 | 1.4.3-10.el7_2.1 | 1.4.3-12.el7_6.3 | libssh2: Out-of-bounds memory comparison with specially crafted message channel request | libssh2:1.4.3-10.el7_2.1 |
Medium | CVE-2015-8035 | libxml2 | 2.9.1-6.el7_2.3 | 2.9.1-6.el7.4 | libxml2: DoS caused by incorrect error detection during XZ decompression | libxml2:2.9.1-6.el7_2.3 |
Medium | CVE-2016-4658 | libxml2 | 2.9.1-6.el7_2.3 | 2.9.1-6.el7_9.6 | libxml2: Use after free via namespace node in XPointer ranges | libxml2:2.9.1-6.el7_2.3 |
Medium | CVE-2016-5131 | libxml2 | 2.9.1-6.el7_2.3 | 2.9.1-6.el7.4 | libxml2: Use after free triggered by XPointer paths beginning with range-to | libxml2:2.9.1-6.el7_2.3 |
Medium | CVE-2017-15412 | libxml2 | 2.9.1-6.el7_2.3 | 2.9.1-6.el7.4 | libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c | libxml2:2.9.1-6.el7_2.3 |
Medium | CVE-2018-14404 | libxml2 | 2.9.1-6.el7_2.3 | 2.9.1-6.el7.4 | libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c | libxml2:2.9.1-6.el7_2.3 |
Medium | CVE-2019-19956 | libxml2 | 2.9.1-6.el7_2.3 | 2.9.1-6.el7.5 | libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c | libxml2:2.9.1-6.el7_2.3 |
Medium | CVE-2019-20388 | libxml2 | 2.9.1-6.el7_2.3 | 2.9.1-6.el7.5 | libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c | libxml2:2.9.1-6.el7_2.3 |
Medium | CVE-2020-7595 | libxml2 | 2.9.1-6.el7_2.3 | 2.9.1-6.el7.5 | libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations | libxml2:2.9.1-6.el7_2.3 |
Medium | CVE-2015-8035 | libxml2-python | 2.9.1-6.el7_2.3 | 2.9.1-6.el7.4 | libxml2: DoS caused by incorrect error detection during XZ decompression | libxml2-python:2.9.1-6.el7_2.3 |
Medium | CVE-2016-4658 | libxml2-python | 2.9.1-6.el7_2.3 | 2.9.1-6.el7_9.6 | libxml2: Use after free via namespace node in XPointer ranges | libxml2-python:2.9.1-6.el7_2.3 |
Medium | CVE-2016-5131 | libxml2-python | 2.9.1-6.el7_2.3 | 2.9.1-6.el7.4 | libxml2: Use after free triggered by XPointer paths beginning with range-to | libxml2-python:2.9.1-6.el7_2.3 |
Medium | CVE-2017-15412 | libxml2-python | 2.9.1-6.el7_2.3 | 2.9.1-6.el7.4 | libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c | libxml2-python:2.9.1-6.el7_2.3 |
Medium | CVE-2018-14404 | libxml2-python | 2.9.1-6.el7_2.3 | 2.9.1-6.el7.4 | libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c | libxml2-python:2.9.1-6.el7_2.3 |
Medium | CVE-2019-19956 | libxml2-python | 2.9.1-6.el7_2.3 | 2.9.1-6.el7.5 | libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c | libxml2-python:2.9.1-6.el7_2.3 |
Medium | CVE-2019-20388 | libxml2-python | 2.9.1-6.el7_2.3 | 2.9.1-6.el7.5 | libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c | libxml2-python:2.9.1-6.el7_2.3 |
Medium | CVE-2020-7595 | libxml2-python | 2.9.1-6.el7_2.3 | 2.9.1-6.el7.5 | libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations | libxml2-python:2.9.1-6.el7_2.3 |
Medium | CVE-2018-0495 | nspr | 4.13.1-1.0.el7_3 | 4.21.0-1.el7 | ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries | nspr:4.13.1-1.0.el7_3 |
Medium | CVE-2018-12404 | nspr | 4.13.1-1.0.el7_3 | 4.21.0-1.el7 | nss: Cache side-channel variant of the Bleichenbacher attack | nspr:4.13.1-1.0.el7_3 |
Medium | CVE-2019-11719 | nspr | 4.13.1-1.0.el7_3 | 4.25.0-2.el7_9 | nss: Out-of-bounds read when importing curve25519 private key | nspr:4.13.1-1.0.el7_3 |
Medium | CVE-2019-11756 | nspr | 4.13.1-1.0.el7_3 | 4.25.0-2.el7_9 | nss: Use-after-free in sftk_FreeSession due to improper refcounting | nspr:4.13.1-1.0.el7_3 |
Medium | CVE-2019-17006 | nspr | 4.13.1-1.0.el7_3 | 4.25.0-2.el7_9 | nss: Check length of inputs for cryptographic primitives | nspr:4.13.1-1.0.el7_3 |
Medium | CVE-2019-17007 | nspr | 4.13.1-1.0.el7_3 | 4.21.0-1.el7 | nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS | nspr:4.13.1-1.0.el7_3 |
Medium | CVE-2020-12400 | nspr | 4.13.1-1.0.el7_3 | 4.25.0-2.el7_9 | nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function | nspr:4.13.1-1.0.el7_3 |
Medium | CVE-2020-12401 | nspr | 4.13.1-1.0.el7_3 | 4.25.0-2.el7_9 | nss: ECDSA timing attack mitigation bypass | nspr:4.13.1-1.0.el7_3 |
Medium | CVE-2020-12402 | nspr | 4.13.1-1.0.el7_3 | 4.25.0-2.el7_9 | nss: Side channel vulnerabilities during RSA key generation | nspr:4.13.1-1.0.el7_3 |
Medium | CVE-2020-12403 | nspr | 4.13.1-1.0.el7_3 | 4.25.0-2.el7_9 | nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read | nspr:4.13.1-1.0.el7_3 |
Medium | CVE-2020-6829 | nspr | 4.13.1-1.0.el7_3 | 4.25.0-2.el7_9 | nss: Side channel attack on ECDSA signature generation | nspr:4.13.1-1.0.el7_3 |
Medium | CVE-2018-0495 | nss | 3.28.4-8.el7 | 3.44.0-4.el7 | ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries | nss:3.28.4-8.el7 |
Medium | CVE-2018-12384 | nss | 3.28.4-8.el7 | 3.36.0-7.el7_5 | nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello | nss:3.28.4-8.el7 |
Medium | CVE-2018-12404 | nss | 3.28.4-8.el7 | 3.44.0-4.el7 | nss: Cache side-channel variant of the Bleichenbacher attack | nss:3.28.4-8.el7 |
Medium | CVE-2019-11719 | nss | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: Out-of-bounds read when importing curve25519 private key | nss:3.28.4-8.el7 |
Medium | CVE-2019-11729 | nss | 3.28.4-8.el7 | 3.44.0-7.el7_7 | nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault | nss:3.28.4-8.el7 |
Medium | CVE-2019-11756 | nss | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: Use-after-free in sftk_FreeSession due to improper refcounting | nss:3.28.4-8.el7 |
Medium | CVE-2019-17006 | nss | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: Check length of inputs for cryptographic primitives | nss:3.28.4-8.el7 |
Medium | CVE-2019-17007 | nss | 3.28.4-8.el7 | 3.44.0-4.el7 | nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS | nss:3.28.4-8.el7 |
Medium | CVE-2020-12400 | nss | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function | nss:3.28.4-8.el7 |
Medium | CVE-2020-12401 | nss | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: ECDSA timing attack mitigation bypass | nss:3.28.4-8.el7 |
Medium | CVE-2020-12402 | nss | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: Side channel vulnerabilities during RSA key generation | nss:3.28.4-8.el7 |
Medium | CVE-2020-12403 | nss | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read | nss:3.28.4-8.el7 |
Medium | CVE-2020-25648 | nss | 3.28.4-8.el7 | 3.53.1-7.el7_9 | nss: TLS 1.3 CCS flood remote DoS Attack | nss:3.28.4-8.el7 |
Medium | CVE-2020-6829 | nss | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: Side channel attack on ECDSA signature generation | nss:3.28.4-8.el7 |
Medium | CVE-2018-1000007 | nss-pem | 1.0.3-4.el7 | 1.0.3-5.el7 | curl: HTTP authentication leak in redirects | nss-pem:1.0.3-4.el7 |
Medium | CVE-2018-1000120 | nss-pem | 1.0.3-4.el7 | 1.0.3-5.el7 | curl: FTP path trickery leads to NIL byte out of bounds write | nss-pem:1.0.3-4.el7 |
Medium | CVE-2018-1000122 | nss-pem | 1.0.3-4.el7 | 1.0.3-5.el7 | curl: RTSP RTP buffer over-read | nss-pem:1.0.3-4.el7 |
Medium | CVE-2018-1000301 | nss-pem | 1.0.3-4.el7 | 1.0.3-5.el7 | curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service | nss-pem:1.0.3-4.el7 |
Medium | CVE-2018-0495 | nss-softokn | 3.28.3-6.el7 | 3.44.0-5.el7 | ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries | nss-softokn:3.28.3-6.el7 |
Medium | CVE-2018-12404 | nss-softokn | 3.28.3-6.el7 | 3.44.0-5.el7 | nss: Cache side-channel variant of the Bleichenbacher attack | nss-softokn:3.28.3-6.el7 |
Medium | CVE-2019-11719 | nss-softokn | 3.28.3-6.el7 | 3.53.1-6.el7_9 | nss: Out-of-bounds read when importing curve25519 private key | nss-softokn:3.28.3-6.el7 |
Medium | CVE-2019-11729 | nss-softokn | 3.28.3-6.el7 | 3.44.0-8.el7_7 | nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault | nss-softokn:3.28.3-6.el7 |
Medium | CVE-2019-11756 | nss-softokn | 3.28.3-6.el7 | 3.53.1-6.el7_9 | nss: Use-after-free in sftk_FreeSession due to improper refcounting | nss-softokn:3.28.3-6.el7 |
Medium | CVE-2019-17006 | nss-softokn | 3.28.3-6.el7 | 3.53.1-6.el7_9 | nss: Check length of inputs for cryptographic primitives | nss-softokn:3.28.3-6.el7 |
Medium | CVE-2019-17007 | nss-softokn | 3.28.3-6.el7 | 3.44.0-5.el7 | nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS | nss-softokn:3.28.3-6.el7 |
Medium | CVE-2020-12400 | nss-softokn | 3.28.3-6.el7 | 3.53.1-6.el7_9 | nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function | nss-softokn:3.28.3-6.el7 |
Medium | CVE-2020-12401 | nss-softokn | 3.28.3-6.el7 | 3.53.1-6.el7_9 | nss: ECDSA timing attack mitigation bypass | nss-softokn:3.28.3-6.el7 |
Medium | CVE-2020-12402 | nss-softokn | 3.28.3-6.el7 | 3.53.1-6.el7_9 | nss: Side channel vulnerabilities during RSA key generation | nss-softokn:3.28.3-6.el7 |
Medium | CVE-2020-12403 | nss-softokn | 3.28.3-6.el7 | 3.53.1-6.el7_9 | nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read | nss-softokn:3.28.3-6.el7 |
Medium | CVE-2020-6829 | nss-softokn | 3.28.3-6.el7 | 3.53.1-6.el7_9 | nss: Side channel attack on ECDSA signature generation | nss-softokn:3.28.3-6.el7 |
Medium | CVE-2018-0495 | nss-softokn-freebl | 3.28.3-6.el7 | 3.44.0-5.el7 | ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries | nss-softokn-freebl:3.28.3-6.el7 |
Medium | CVE-2018-12404 | nss-softokn-freebl | 3.28.3-6.el7 | 3.44.0-5.el7 | nss: Cache side-channel variant of the Bleichenbacher attack | nss-softokn-freebl:3.28.3-6.el7 |
Medium | CVE-2019-11719 | nss-softokn-freebl | 3.28.3-6.el7 | 3.53.1-6.el7_9 | nss: Out-of-bounds read when importing curve25519 private key | nss-softokn-freebl:3.28.3-6.el7 |
Medium | CVE-2019-11729 | nss-softokn-freebl | 3.28.3-6.el7 | 3.44.0-8.el7_7 | nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault | nss-softokn-freebl:3.28.3-6.el7 |
Medium | CVE-2019-11756 | nss-softokn-freebl | 3.28.3-6.el7 | 3.53.1-6.el7_9 | nss: Use-after-free in sftk_FreeSession due to improper refcounting | nss-softokn-freebl:3.28.3-6.el7 |
Medium | CVE-2019-17006 | nss-softokn-freebl | 3.28.3-6.el7 | 3.53.1-6.el7_9 | nss: Check length of inputs for cryptographic primitives | nss-softokn-freebl:3.28.3-6.el7 |
Medium | CVE-2019-17007 | nss-softokn-freebl | 3.28.3-6.el7 | 3.44.0-5.el7 | nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS | nss-softokn-freebl:3.28.3-6.el7 |
Medium | CVE-2020-12400 | nss-softokn-freebl | 3.28.3-6.el7 | 3.53.1-6.el7_9 | nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function | nss-softokn-freebl:3.28.3-6.el7 |
Medium | CVE-2020-12401 | nss-softokn-freebl | 3.28.3-6.el7 | 3.53.1-6.el7_9 | nss: ECDSA timing attack mitigation bypass | nss-softokn-freebl:3.28.3-6.el7 |
Medium | CVE-2020-12402 | nss-softokn-freebl | 3.28.3-6.el7 | 3.53.1-6.el7_9 | nss: Side channel vulnerabilities during RSA key generation | nss-softokn-freebl:3.28.3-6.el7 |
Medium | CVE-2020-12403 | nss-softokn-freebl | 3.28.3-6.el7 | 3.53.1-6.el7_9 | nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read | nss-softokn-freebl:3.28.3-6.el7 |
Medium | CVE-2020-6829 | nss-softokn-freebl | 3.28.3-6.el7 | 3.53.1-6.el7_9 | nss: Side channel attack on ECDSA signature generation | nss-softokn-freebl:3.28.3-6.el7 |
Medium | CVE-2018-0495 | nss-sysinit | 3.28.4-8.el7 | 3.44.0-4.el7 | ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries | nss-sysinit:3.28.4-8.el7 |
Medium | CVE-2018-12384 | nss-sysinit | 3.28.4-8.el7 | 3.36.0-7.el7_5 | nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello | nss-sysinit:3.28.4-8.el7 |
Medium | CVE-2018-12404 | nss-sysinit | 3.28.4-8.el7 | 3.44.0-4.el7 | nss: Cache side-channel variant of the Bleichenbacher attack | nss-sysinit:3.28.4-8.el7 |
Medium | CVE-2019-11719 | nss-sysinit | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: Out-of-bounds read when importing curve25519 private key | nss-sysinit:3.28.4-8.el7 |
Medium | CVE-2019-11729 | nss-sysinit | 3.28.4-8.el7 | 3.44.0-7.el7_7 | nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault | nss-sysinit:3.28.4-8.el7 |
Medium | CVE-2019-11756 | nss-sysinit | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: Use-after-free in sftk_FreeSession due to improper refcounting | nss-sysinit:3.28.4-8.el7 |
Medium | CVE-2019-17006 | nss-sysinit | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: Check length of inputs for cryptographic primitives | nss-sysinit:3.28.4-8.el7 |
Medium | CVE-2019-17007 | nss-sysinit | 3.28.4-8.el7 | 3.44.0-4.el7 | nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS | nss-sysinit:3.28.4-8.el7 |
Medium | CVE-2020-12400 | nss-sysinit | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function | nss-sysinit:3.28.4-8.el7 |
Medium | CVE-2020-12401 | nss-sysinit | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: ECDSA timing attack mitigation bypass | nss-sysinit:3.28.4-8.el7 |
Medium | CVE-2020-12402 | nss-sysinit | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: Side channel vulnerabilities during RSA key generation | nss-sysinit:3.28.4-8.el7 |
Medium | CVE-2020-12403 | nss-sysinit | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read | nss-sysinit:3.28.4-8.el7 |
Medium | CVE-2020-25648 | nss-sysinit | 3.28.4-8.el7 | 3.53.1-7.el7_9 | nss: TLS 1.3 CCS flood remote DoS Attack | nss-sysinit:3.28.4-8.el7 |
Medium | CVE-2020-6829 | nss-sysinit | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: Side channel attack on ECDSA signature generation | nss-sysinit:3.28.4-8.el7 |
Medium | CVE-2018-0495 | nss-tools | 3.28.4-8.el7 | 3.44.0-4.el7 | ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries | nss-tools:3.28.4-8.el7 |
Medium | CVE-2018-12384 | nss-tools | 3.28.4-8.el7 | 3.36.0-7.el7_5 | nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello | nss-tools:3.28.4-8.el7 |
Medium | CVE-2018-12404 | nss-tools | 3.28.4-8.el7 | 3.44.0-4.el7 | nss: Cache side-channel variant of the Bleichenbacher attack | nss-tools:3.28.4-8.el7 |
Medium | CVE-2019-11719 | nss-tools | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: Out-of-bounds read when importing curve25519 private key | nss-tools:3.28.4-8.el7 |
Medium | CVE-2019-11729 | nss-tools | 3.28.4-8.el7 | 3.44.0-7.el7_7 | nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault | nss-tools:3.28.4-8.el7 |
Medium | CVE-2019-11756 | nss-tools | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: Use-after-free in sftk_FreeSession due to improper refcounting | nss-tools:3.28.4-8.el7 |
Medium | CVE-2019-17006 | nss-tools | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: Check length of inputs for cryptographic primitives | nss-tools:3.28.4-8.el7 |
Medium | CVE-2019-17007 | nss-tools | 3.28.4-8.el7 | 3.44.0-4.el7 | nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS | nss-tools:3.28.4-8.el7 |
Medium | CVE-2020-12400 | nss-tools | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function | nss-tools:3.28.4-8.el7 |
Medium | CVE-2020-12401 | nss-tools | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: ECDSA timing attack mitigation bypass | nss-tools:3.28.4-8.el7 |
Medium | CVE-2020-12402 | nss-tools | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: Side channel vulnerabilities during RSA key generation | nss-tools:3.28.4-8.el7 |
Medium | CVE-2020-12403 | nss-tools | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read | nss-tools:3.28.4-8.el7 |
Medium | CVE-2020-25648 | nss-tools | 3.28.4-8.el7 | 3.53.1-7.el7_9 | nss: TLS 1.3 CCS flood remote DoS Attack | nss-tools:3.28.4-8.el7 |
Medium | CVE-2020-6829 | nss-tools | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: Side channel attack on ECDSA signature generation | nss-tools:3.28.4-8.el7 |
Medium | CVE-2018-0495 | nss-util | 3.28.4-3.el7 | 3.44.0-3.el7 | ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries | nss-util:3.28.4-3.el7 |
Medium | CVE-2018-12404 | nss-util | 3.28.4-3.el7 | 3.44.0-3.el7 | nss: Cache side-channel variant of the Bleichenbacher attack | nss-util:3.28.4-3.el7 |
Medium | CVE-2019-11719 | nss-util | 3.28.4-3.el7 | 3.53.1-1.el7_9 | nss: Out-of-bounds read when importing curve25519 private key | nss-util:3.28.4-3.el7 |
Medium | CVE-2019-11729 | nss-util | 3.28.4-3.el7 | 3.44.0-4.el7_7 | nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault | nss-util:3.28.4-3.el7 |
Medium | CVE-2019-11756 | nss-util | 3.28.4-3.el7 | 3.53.1-1.el7_9 | nss: Use-after-free in sftk_FreeSession due to improper refcounting | nss-util:3.28.4-3.el7 |
Medium | CVE-2019-17006 | nss-util | 3.28.4-3.el7 | 3.53.1-1.el7_9 | nss: Check length of inputs for cryptographic primitives | nss-util:3.28.4-3.el7 |
Medium | CVE-2019-17007 | nss-util | 3.28.4-3.el7 | 3.44.0-3.el7 | nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS | nss-util:3.28.4-3.el7 |
Medium | CVE-2020-12400 | nss-util | 3.28.4-3.el7 | 3.53.1-1.el7_9 | nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function | nss-util:3.28.4-3.el7 |
Medium | CVE-2020-12401 | nss-util | 3.28.4-3.el7 | 3.53.1-1.el7_9 | nss: ECDSA timing attack mitigation bypass | nss-util:3.28.4-3.el7 |
Medium | CVE-2020-12402 | nss-util | 3.28.4-3.el7 | 3.53.1-1.el7_9 | nss: Side channel vulnerabilities during RSA key generation | nss-util:3.28.4-3.el7 |
Medium | CVE-2020-12403 | nss-util | 3.28.4-3.el7 | 3.53.1-1.el7_9 | nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read | nss-util:3.28.4-3.el7 |
Medium | CVE-2020-6829 | nss-util | 3.28.4-3.el7 | 3.53.1-1.el7_9 | nss: Side channel attack on ECDSA signature generation | nss-util:3.28.4-3.el7 |
Medium | CVE-2020-12243 | openldap | 2.4.44-5.el7 | 2.4.44-22.el7 | openldap: denial of service via nested boolean expressions in LDAP search filters | openldap:2.4.44-5.el7 |
Medium | CVE-2020-25692 | openldap | 2.4.44-5.el7 | 2.4.44-23.el7_9 | openldap: NULL pointer dereference for unauthenticated packet in slapd | openldap:2.4.44-5.el7 |
Medium | CVE-2020-25709 | openldap | 2.4.44-5.el7 | 2.4.44-25.el7_9 | openldap: assertion failure in Certificate List syntax validation | openldap:2.4.44-5.el7 |
Medium | CVE-2020-25710 | openldap | 2.4.44-5.el7 | 2.4.44-25.el7_9 | openldap: assertion failure in CSN normalization with invalid input | openldap:2.4.44-5.el7 |
Medium | CVE-2017-3736 | openssl-libs | 1:1.0.2k-8.el7 | 1:1.0.2k-12.el7 | openssl: bn_sqrx8x_internal carry bug on x86_64 | openssl-libs:1:1.0.2k-8.el7 |
Medium | CVE-2017-3737 | openssl-libs | 1:1.0.2k-8.el7 | 1:1.0.2k-12.el7 | openssl: Read/write after SSL object in error state | openssl-libs:1:1.0.2k-8.el7 |
Medium | CVE-2018-0495 | openssl-libs | 1:1.0.2k-8.el7 | 1:1.0.2k-16.el7 | ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries | openssl-libs:1:1.0.2k-8.el7 |
Medium | CVE-2018-0732 | openssl-libs | 1:1.0.2k-8.el7 | 1:1.0.2k-16.el7 | openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang | openssl-libs:1:1.0.2k-8.el7 |
Medium | CVE-2018-0739 | openssl-libs | 1:1.0.2k-8.el7 | 1:1.0.2k-16.el7 | openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service | openssl-libs:1:1.0.2k-8.el7 |
Medium | CVE-2018-5407 | openssl-libs | 1:1.0.2k-8.el7 | 1:1.0.2k-16.el7_6.1 | openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) | openssl-libs:1:1.0.2k-8.el7 |
Medium | CVE-2019-1559 | openssl-libs | 1:1.0.2k-8.el7 | 1:1.0.2k-19.el7 | openssl: 0-byte record padding oracle | openssl-libs:1:1.0.2k-8.el7 |
Medium | CVE-2021-23840 | openssl-libs | 1:1.0.2k-8.el7 | 1:1.0.2k-22.el7_9 | openssl: integer overflow in CipherUpdate | openssl-libs:1:1.0.2k-8.el7 |
Medium | CVE-2021-23841 | openssl-libs | 1:1.0.2k-8.el7 | 1:1.0.2k-22.el7_9 | openssl: NULL pointer dereference in X509_issuer_and_serial_hash() | openssl-libs:1:1.0.2k-8.el7 |
Medium | CVE-2021-3712 | openssl-libs | 1:1.0.2k-8.el7 | 1:1.0.2k-23.el7_9 | openssl: Read buffer overruns processing ASN.1 strings | openssl-libs:1:1.0.2k-8.el7 |
Medium | CVE-2018-1122 | procps-ng | 3.3.10-16.el7 | 3.3.10-26.el7 | procps-ng, procps: Local privilege escalation in top | procps-ng:3.3.10-16.el7 |
Medium | CVE-2018-1126 | procps-ng | 3.3.10-16.el7 | 3.3.10-17.el7_5.2 | procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues | procps-ng:3.3.10-16.el7 |
Medium | CVE-2016-2183 | python | 2.7.5-58.el7 | 2.7.5-69.el7_5 | SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) | python:2.7.5-58.el7 |
Medium | CVE-2018-1061 | python | 2.7.5-58.el7 | 2.7.5-76.el7 | python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib | python:2.7.5-58.el7 |
Medium | CVE-2018-14647 | python | 2.7.5-58.el7 | 2.7.5-86.el7 | python: Missing salt initialization in _elementtree.c module | python:2.7.5-58.el7 |
Medium | CVE-2018-20852 | python | 2.7.5-58.el7 | 2.7.5-88.el7 | python: Cookie domain check returns incorrect results | python:2.7.5-58.el7 |
Medium | CVE-2019-16056 | python | 2.7.5-58.el7 | 2.7.5-88.el7 | python: email.utils.parseaddr wrongly parses email addresses | python:2.7.5-58.el7 |
Medium | CVE-2019-16935 | python | 2.7.5-58.el7 | 2.7.5-89.el7 | python: XSS vulnerability in the documentation XML-RPC server in server_title field | python:2.7.5-58.el7 |
Medium | CVE-2019-20907 | python | 2.7.5-58.el7 | 2.7.5-90.el7 | python: infinite loop in the tarfile module via crafted TAR archive | python:2.7.5-58.el7 |
Medium | CVE-2019-5010 | python | 2.7.5-58.el7 | 2.7.5-86.el7 | python: NULL pointer dereference using a specially crafted X509 certificate | python:2.7.5-58.el7 |
Medium | CVE-2019-9740 | python | 2.7.5-58.el7 | 2.7.5-86.el7 | python: CRLF injection via the query part of the url passed to urlopen() | python:2.7.5-58.el7 |
Medium | CVE-2019-9947 | python | 2.7.5-58.el7 | 2.7.5-86.el7 | python: CRLF injection via the path part of the url passed to urlopen() | python:2.7.5-58.el7 |
Medium | CVE-2019-9948 | python | 2.7.5-58.el7 | 2.7.5-86.el7 | python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms | python:2.7.5-58.el7 |
Medium | CVE-2016-2183 | python-libs | 2.7.5-58.el7 | 2.7.5-69.el7_5 | SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) | python-libs:2.7.5-58.el7 |
Medium | CVE-2018-1061 | python-libs | 2.7.5-58.el7 | 2.7.5-76.el7 | python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib | python-libs:2.7.5-58.el7 |
Medium | CVE-2018-14647 | python-libs | 2.7.5-58.el7 | 2.7.5-86.el7 | python: Missing salt initialization in _elementtree.c module | python-libs:2.7.5-58.el7 |
Medium | CVE-2018-20852 | python-libs | 2.7.5-58.el7 | 2.7.5-88.el7 | python: Cookie domain check returns incorrect results | python-libs:2.7.5-58.el7 |
Medium | CVE-2019-16056 | python-libs | 2.7.5-58.el7 | 2.7.5-88.el7 | python: email.utils.parseaddr wrongly parses email addresses | python-libs:2.7.5-58.el7 |
Medium | CVE-2019-16935 | python-libs | 2.7.5-58.el7 | 2.7.5-89.el7 | python: XSS vulnerability in the documentation XML-RPC server in server_title field | python-libs:2.7.5-58.el7 |
Medium | CVE-2019-20907 | python-libs | 2.7.5-58.el7 | 2.7.5-90.el7 | python: infinite loop in the tarfile module via crafted TAR archive | python-libs:2.7.5-58.el7 |
Medium | CVE-2019-5010 | python-libs | 2.7.5-58.el7 | 2.7.5-86.el7 | python: NULL pointer dereference using a specially crafted X509 certificate | python-libs:2.7.5-58.el7 |
Medium | CVE-2019-9740 | python-libs | 2.7.5-58.el7 | 2.7.5-86.el7 | python: CRLF injection via the query part of the url passed to urlopen() | python-libs:2.7.5-58.el7 |
Medium | CVE-2019-9947 | python-libs | 2.7.5-58.el7 | 2.7.5-86.el7 | python: CRLF injection via the path part of the url passed to urlopen() | python-libs:2.7.5-58.el7 |
Medium | CVE-2019-9948 | python-libs | 2.7.5-58.el7 | 2.7.5-86.el7 | python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms | python-libs:2.7.5-58.el7 |
Medium | CVE-2021-20271 | rpm | 4.11.3-25.el7 | 4.11.3-48.el7_9 | rpm: Signature checks bypass via corrupted rpm package | rpm:4.11.3-25.el7 |
Medium | CVE-2021-20271 | rpm-build-libs | 4.11.3-25.el7 | 4.11.3-48.el7_9 | rpm: Signature checks bypass via corrupted rpm package | rpm-build-libs:4.11.3-25.el7 |
Medium | CVE-2021-20271 | rpm-libs | 4.11.3-25.el7 | 4.11.3-48.el7_9 | rpm: Signature checks bypass via corrupted rpm package | rpm-libs:4.11.3-25.el7 |
Medium | CVE-2021-20271 | rpm-python | 4.11.3-25.el7 | 4.11.3-48.el7_9 | rpm: Signature checks bypass via corrupted rpm package | rpm-python:4.11.3-25.el7 |
Medium | CVE-2019-3820 | shared-mime-info | 1.8-3.el7 | 1.8-5.el7 | gnome-shell: partial lock screen bypass | shared-mime-info:1.8-3.el7 |
Medium | CVE-2018-1049 | systemd | 219-42.el7 | 219-42.el7_4.7 | systemd: automount: access to automounted volumes can lock up | systemd:219-42.el7 |
Medium | CVE-2018-15686 | systemd | 219-42.el7 | 219-67.el7 | systemd: line splitting via fgets() allows for state injection during daemon-reexec | systemd:219-42.el7 |
Medium | CVE-2018-16866 | systemd | 219-42.el7 | 219-67.el7 | systemd: out-of-bounds read when parsing a crafted syslog message | systemd:219-42.el7 |
Medium | CVE-2018-1049 | systemd-libs | 219-42.el7 | 219-42.el7_4.7 | systemd: automount: access to automounted volumes can lock up | systemd-libs:219-42.el7 |
Medium | CVE-2018-15686 | systemd-libs | 219-42.el7 | 219-67.el7 | systemd: line splitting via fgets() allows for state injection during daemon-reexec | systemd-libs:219-42.el7 |
Medium | CVE-2018-16866 | systemd-libs | 219-42.el7 | 219-67.el7 | systemd: out-of-bounds read when parsing a crafted syslog message | systemd-libs:219-42.el7 |
Medium | CVE-2019-2692 | mysql:mysql-connector-java | 5.1.25 | 8.0.16 | mysql-connector-java: privilege escalation in MySQL connector | mysql:mysql-connector-java:5.1.25 |
Medium | CVE-2020-2875 | mysql:mysql-connector-java | 5.1.25 | 5.1.49, 8.0.15 | mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete | mysql:mysql-connector-java:5.1.25 |
Medium | CVE-2020-2934 | mysql:mysql-connector-java | 5.1.25 | 5.1.49, 8.0.20 | mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete | mysql:mysql-connector-java:5.1.25 |
Medium | CVE-2019-10247 | org.eclipse.jetty:jetty-http | 8.1.14.v20131031 | 9.2.28.v20190418, 9.3.27.v20190418, 9.4.17.v20190418 | jetty: error path information disclosure | org.eclipse.jetty:jetty-http:8.1.14.v20131031 |
Medium | CVE-2019-10247 | org.eclipse.jetty:jetty-server | 8.1.14.v20131031 | 9.2.28.v20190418, 9.3.27.v20190418, 9.4.17.v20190418 | jetty: error path information disclosure | org.eclipse.jetty:jetty-server:8.1.14.v20131031 |
Low | CVE-2018-5745 | bind-license | 32:9.9.4-50.el7 | 32:9.11.4-16.P2.el7 | bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys | bind-license:32:9.9.4-50.el7 |
Low | CVE-2019-6465 | bind-license | 32:9.9.4-50.el7 | 32:9.11.4-16.P2.el7 | bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable | bind-license:32:9.9.4-50.el7 |
Low | CVE-2018-10372 | binutils | 2.25.1-31.base.el7 | 2.27-34.base.el7 | binutils: Heap-based buffer over-read in dwarf.c:process_cu_tu_index() allows for denial of service via crafted file | binutils:2.25.1-31.base.el7 |
Low | CVE-2018-10373 | binutils | 2.25.1-31.base.el7 | 2.27-34.base.el7 | binutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file | binutils:2.25.1-31.base.el7 |
Low | CVE-2018-10534 | binutils | 2.25.1-31.base.el7 | 2.27-34.base.el7 | binutils: out of bounds memory write in peXXigen.c files | binutils:2.25.1-31.base.el7 |
Low | CVE-2018-10535 | binutils | 2.25.1-31.base.el7 | 2.27-34.base.el7 | binutils: NULL pointer dereference in elf.c | binutils:2.25.1-31.base.el7 |
Low | CVE-2018-12641 | binutils | 2.25.1-31.base.el7 | 2.27-41.base.el7 | binutils: Stack Exhaustion in the demangling functions provided by libiberty | binutils:2.25.1-31.base.el7 |
Low | CVE-2018-12697 | binutils | 2.25.1-31.base.el7 | 2.27-41.base.el7 | binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c. | binutils:2.25.1-31.base.el7 |
Low | CVE-2018-13033 | binutils | 2.25.1-31.base.el7 | 2.27-34.base.el7 | binutils: Uncontrolled Resource Consumption in execution of nm | binutils:2.25.1-31.base.el7 |
Low | CVE-2018-7208 | binutils | 2.25.1-31.base.el7 | 2.27-34.base.el7 | binutils: Improper bounds check in coffgen.c:coff_pointerize_aux() allows for denial of service when parsing a crafted COFF file | binutils:2.25.1-31.base.el7 |
Low | CVE-2018-7568 | binutils | 2.25.1-31.base.el7 | 2.27-34.base.el7 | binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library | binutils:2.25.1-31.base.el7 |
Low | CVE-2018-7569 | binutils | 2.25.1-31.base.el7 | 2.27-34.base.el7 | binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library | binutils:2.25.1-31.base.el7 |
Low | CVE-2018-7642 | binutils | 2.25.1-31.base.el7 | 2.27-34.base.el7 | binutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash | binutils:2.25.1-31.base.el7 |
Low | CVE-2018-7643 | binutils | 2.25.1-31.base.el7 | 2.27-34.base.el7 | binutils: Integer overflow in the display_debug_ranges function resulting in crash | binutils:2.25.1-31.base.el7 |
Low | CVE-2018-8945 | binutils | 2.25.1-31.base.el7 | 2.27-34.base.el7 | binutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable | binutils:2.25.1-31.base.el7 |
Low | CVE-2018-1000121 | curl | 7.29.0-42.el7 | 7.29.0-51.el7 | curl: LDAP NULL pointer dereference | curl:7.29.0-42.el7 |
Low | CVE-2018-14618 | curl | 7.29.0-42.el7 | 7.29.0-51.el7_6.3 | curl: NTLM password overflow via integer overflow | curl:7.29.0-42.el7 |
Low | CVE-2018-16842 | curl | 7.29.0-42.el7 | 7.29.0-54.el7 | curl: Heap-based buffer over-read in the curl tool warning formatting | curl:7.29.0-42.el7 |
Low | CVE-2019-5436 | curl | 7.29.0-42.el7 | 7.29.0-57.el7 | curl: TFTP receive heap buffer overflow in tftp_receive_packet() function | curl:7.29.0-42.el7 |
Low | CVE-2018-16062 | elfutils-default-yama-scope | 0.168-8.el7 | 0.176-2.el7 | elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file | elfutils-default-yama-scope:0.168-8.el7 |
Low | CVE-2018-16402 | elfutils-default-yama-scope | 0.168-8.el7 | 0.176-2.el7 | elfutils: Double-free due to double decompression of sections in crafted ELF causes crash | elfutils-default-yama-scope:0.168-8.el7 |
Low | CVE-2018-16403 | elfutils-default-yama-scope | 0.168-8.el7 | 0.176-2.el7 | elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash | elfutils-default-yama-scope:0.168-8.el7 |
Low | CVE-2018-18310 | elfutils-default-yama-scope | 0.168-8.el7 | 0.176-2.el7 | elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl | elfutils-default-yama-scope:0.168-8.el7 |
Low | CVE-2018-18520 | elfutils-default-yama-scope | 0.168-8.el7 | 0.176-2.el7 | elfutils: eu-size cannot handle recursive ar files | elfutils-default-yama-scope:0.168-8.el7 |
Low | CVE-2018-18521 | elfutils-default-yama-scope | 0.168-8.el7 | 0.176-2.el7 | elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c | elfutils-default-yama-scope:0.168-8.el7 |
Low | CVE-2019-7149 | elfutils-default-yama-scope | 0.168-8.el7 | 0.176-2.el7 | elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw | elfutils-default-yama-scope:0.168-8.el7 |
Low | CVE-2019-7150 | elfutils-default-yama-scope | 0.168-8.el7 | 0.176-2.el7 | elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c | elfutils-default-yama-scope:0.168-8.el7 |
Low | CVE-2019-7664 | elfutils-default-yama-scope | 0.168-8.el7 | 0.176-2.el7 | elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h | elfutils-default-yama-scope:0.168-8.el7 |
Low | CVE-2019-7665 | elfutils-default-yama-scope | 0.168-8.el7 | 0.176-2.el7 | elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c | elfutils-default-yama-scope:0.168-8.el7 |
Low | CVE-2018-16062 | elfutils-libelf | 0.168-8.el7 | 0.176-2.el7 | elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file | elfutils-libelf:0.168-8.el7 |
Low | CVE-2018-16402 | elfutils-libelf | 0.168-8.el7 | 0.176-2.el7 | elfutils: Double-free due to double decompression of sections in crafted ELF causes crash | elfutils-libelf:0.168-8.el7 |
Low | CVE-2018-16403 | elfutils-libelf | 0.168-8.el7 | 0.176-2.el7 | elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash | elfutils-libelf:0.168-8.el7 |
Low | CVE-2018-18310 | elfutils-libelf | 0.168-8.el7 | 0.176-2.el7 | elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl | elfutils-libelf:0.168-8.el7 |
Low | CVE-2018-18520 | elfutils-libelf | 0.168-8.el7 | 0.176-2.el7 | elfutils: eu-size cannot handle recursive ar files | elfutils-libelf:0.168-8.el7 |
Low | CVE-2018-18521 | elfutils-libelf | 0.168-8.el7 | 0.176-2.el7 | elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c | elfutils-libelf:0.168-8.el7 |
Low | CVE-2019-7149 | elfutils-libelf | 0.168-8.el7 | 0.176-2.el7 | elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw | elfutils-libelf:0.168-8.el7 |
Low | CVE-2019-7150 | elfutils-libelf | 0.168-8.el7 | 0.176-2.el7 | elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c | elfutils-libelf:0.168-8.el7 |
Low | CVE-2019-7664 | elfutils-libelf | 0.168-8.el7 | 0.176-2.el7 | elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h | elfutils-libelf:0.168-8.el7 |
Low | CVE-2019-7665 | elfutils-libelf | 0.168-8.el7 | 0.176-2.el7 | elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c | elfutils-libelf:0.168-8.el7 |
Low | CVE-2018-16062 | elfutils-libs | 0.168-8.el7 | 0.176-2.el7 | elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file | elfutils-libs:0.168-8.el7 |
Low | CVE-2018-16402 | elfutils-libs | 0.168-8.el7 | 0.176-2.el7 | elfutils: Double-free due to double decompression of sections in crafted ELF causes crash | elfutils-libs:0.168-8.el7 |
Low | CVE-2018-16403 | elfutils-libs | 0.168-8.el7 | 0.176-2.el7 | elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash | elfutils-libs:0.168-8.el7 |
Low | CVE-2018-18310 | elfutils-libs | 0.168-8.el7 | 0.176-2.el7 | elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl | elfutils-libs:0.168-8.el7 |
Low | CVE-2018-18520 | elfutils-libs | 0.168-8.el7 | 0.176-2.el7 | elfutils: eu-size cannot handle recursive ar files | elfutils-libs:0.168-8.el7 |
Low | CVE-2018-18521 | elfutils-libs | 0.168-8.el7 | 0.176-2.el7 | elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c | elfutils-libs:0.168-8.el7 |
Low | CVE-2019-7149 | elfutils-libs | 0.168-8.el7 | 0.176-2.el7 | elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw | elfutils-libs:0.168-8.el7 |
Low | CVE-2019-7150 | elfutils-libs | 0.168-8.el7 | 0.176-2.el7 | elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c | elfutils-libs:0.168-8.el7 |
Low | CVE-2019-7664 | elfutils-libs | 0.168-8.el7 | 0.176-2.el7 | elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h | elfutils-libs:0.168-8.el7 |
Low | CVE-2019-7665 | elfutils-libs | 0.168-8.el7 | 0.176-2.el7 | elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c | elfutils-libs:0.168-8.el7 |
Low | CVE-2019-15903 | expat | 2.1.0-10.el7_3 | 2.1.0-12.el7 | expat: heap-based buffer over-read via crafted XML input | expat:2.1.0-10.el7_3 |
Low | CVE-2018-10360 | file-libs | 5.11-33.el7 | 5.11-36.el7 | file: out-of-bounds read via a crafted ELF file | file-libs:5.11-33.el7 |
Low | CVE-2017-18267 | glib2 | 2.50.3-3.el7 | 2.56.1-2.el7 | poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service | glib2:2.50.3-3.el7 |
Low | CVE-2018-10733 | glib2 | 2.50.3-3.el7 | 2.56.1-2.el7 | libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c | glib2:2.50.3-3.el7 |
Low | CVE-2018-10767 | glib2 | 2.50.3-3.el7 | 2.56.1-2.el7 | libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c | glib2:2.50.3-3.el7 |
Low | CVE-2018-10768 | glib2 | 2.50.3-3.el7 | 2.56.1-2.el7 | poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF | glib2:2.50.3-3.el7 |
Low | CVE-2018-13988 | glib2 | 2.50.3-3.el7 | 2.56.1-2.el7 | poppler: out of bounds read in pdfunite | glib2:2.50.3-3.el7 |
Low | CVE-2018-5818 | glib2 | 2.50.3-3.el7 | 2.56.1-5.el7 | LibRaw: DoS in parse_rollei function in internal/dcraw_common.cpp | glib2:2.50.3-3.el7 |
Low | CVE-2018-5819 | glib2 | 2.50.3-3.el7 | 2.56.1-5.el7 | LibRaw: DoS in parse_sinar_ia function in internal/dcraw_common.cpp | glib2:2.50.3-3.el7 |
Low | CVE-2014-9402 | glibc | 2.17-196.el7 | 2.17-222.el7 | glibc: denial of service in getnetbyname function | glibc:2.17-196.el7 |
Low | CVE-2015-5180 | glibc | 2.17-196.el7 | 2.17-222.el7 | glibc: DNS resolver NULL pointer dereference with crafted record type | glibc:2.17-196.el7 |
Low | CVE-2017-12132 | glibc | 2.17-196.el7 | 2.17-222.el7 | glibc: Fragmentation attacks possible when EDNS0 is enabled | glibc:2.17-196.el7 |
Low | CVE-2019-19126 | glibc | 2.17-196.el7 | 2.17-317.el7 | glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries | glibc:2.17-196.el7 |
Low | CVE-2014-9402 | glibc-common | 2.17-196.el7 | 2.17-222.el7 | glibc: denial of service in getnetbyname function | glibc-common:2.17-196.el7 |
Low | CVE-2015-5180 | glibc-common | 2.17-196.el7 | 2.17-222.el7 | glibc: DNS resolver NULL pointer dereference with crafted record type | glibc-common:2.17-196.el7 |
Low | CVE-2017-12132 | glibc-common | 2.17-196.el7 | 2.17-222.el7 | glibc: Fragmentation attacks possible when EDNS0 is enabled | glibc-common:2.17-196.el7 |
Low | CVE-2019-19126 | glibc-common | 2.17-196.el7 | 2.17-317.el7 | glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries | glibc-common:2.17-196.el7 |
Low | CVE-2017-18267 | gobject-introspection | 1.50.0-1.el7 | 1.56.1-1.el7 | poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service | gobject-introspection:1.50.0-1.el7 |
Low | CVE-2018-10733 | gobject-introspection | 1.50.0-1.el7 | 1.56.1-1.el7 | libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c | gobject-introspection:1.50.0-1.el7 |
Low | CVE-2018-10767 | gobject-introspection | 1.50.0-1.el7 | 1.56.1-1.el7 | libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c | gobject-introspection:1.50.0-1.el7 |
Low | CVE-2018-10768 | gobject-introspection | 1.50.0-1.el7 | 1.56.1-1.el7 | poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF | gobject-introspection:1.50.0-1.el7 |
Low | CVE-2018-13988 | gobject-introspection | 1.50.0-1.el7 | 1.56.1-1.el7 | poppler: out of bounds read in pdfunite | gobject-introspection:1.50.0-1.el7 |
Low | CVE-2018-5729 | krb5-libs | 1.15.1-8.el7 | 1.15.1-34.el7 | krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data | krb5-libs:1.15.1-8.el7 |
Low | CVE-2018-5730 | krb5-libs | 1.15.1-8.el7 | 1.15.1-34.el7 | krb5: DN container check bypass by supplying special crafted data | krb5-libs:1.15.1-8.el7 |
Low | CVE-2018-1000121 | libcurl | 7.29.0-42.el7 | 7.29.0-51.el7 | curl: LDAP NULL pointer dereference | libcurl:7.29.0-42.el7 |
Low | CVE-2018-14618 | libcurl | 7.29.0-42.el7 | 7.29.0-51.el7_6.3 | curl: NTLM password overflow via integer overflow | libcurl:7.29.0-42.el7 |
Low | CVE-2018-16842 | libcurl | 7.29.0-42.el7 | 7.29.0-54.el7 | curl: Heap-based buffer over-read in the curl tool warning formatting | libcurl:7.29.0-42.el7 |
Low | CVE-2019-5436 | libcurl | 7.29.0-42.el7 | 7.29.0-57.el7 | curl: TFTP receive heap buffer overflow in tftp_receive_packet() function | libcurl:7.29.0-42.el7 |
Low | CVE-2017-11671 | libgcc | 4.8.5-16.el7 | 4.8.5-28.el7 | gcc: GCC generates incorrect code for RDRAND/RDSEED intrinsics | libgcc:4.8.5-16.el7 |
Low | CVE-2017-11671 | libstdc++ | 4.8.5-16.el7 | 4.8.5-28.el7 | gcc: GCC generates incorrect code for RDRAND/RDSEED intrinsics | libstdc++:4.8.5-16.el7 |
Low | CVE-2017-18258 | libxml2 | 2.9.1-6.el7_2.3 | 2.9.1-6.el7.4 | libxml2: Unrestricted memory usage in xz_head() function in xzlib.c | libxml2:2.9.1-6.el7_2.3 |
Low | CVE-2018-14567 | libxml2 | 2.9.1-6.el7_2.3 | 2.9.1-6.el7.4 | libxml2: Infinite loop caused by incorrect error detection during LZMA decompression | libxml2:2.9.1-6.el7_2.3 |
Low | CVE-2017-18258 | libxml2-python | 2.9.1-6.el7_2.3 | 2.9.1-6.el7.4 | libxml2: Unrestricted memory usage in xz_head() function in xzlib.c | libxml2-python:2.9.1-6.el7_2.3 |
Low | CVE-2018-14567 | libxml2-python | 2.9.1-6.el7_2.3 | 2.9.1-6.el7.4 | libxml2: Infinite loop caused by incorrect error detection during LZMA decompression | libxml2-python:2.9.1-6.el7_2.3 |
Low | CVE-2019-11727 | nspr | 4.13.1-1.0.el7_3 | 4.25.0-2.el7_9 | nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 | nspr:4.13.1-1.0.el7_3 |
Low | CVE-2019-17023 | nspr | 4.13.1-1.0.el7_3 | 4.25.0-2.el7_9 | nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state | nspr:4.13.1-1.0.el7_3 |
Low | CVE-2019-11727 | nss | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 | nss:3.28.4-8.el7 |
Low | CVE-2019-17023 | nss | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state | nss:3.28.4-8.el7 |
Low | CVE-2018-1000121 | nss-pem | 1.0.3-4.el7 | 1.0.3-5.el7 | curl: LDAP NULL pointer dereference | nss-pem:1.0.3-4.el7 |
Low | CVE-2019-11727 | nss-softokn | 3.28.3-6.el7 | 3.53.1-6.el7_9 | nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 | nss-softokn:3.28.3-6.el7 |
Low | CVE-2019-17023 | nss-softokn | 3.28.3-6.el7 | 3.53.1-6.el7_9 | nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state | nss-softokn:3.28.3-6.el7 |
Low | CVE-2019-11727 | nss-softokn-freebl | 3.28.3-6.el7 | 3.53.1-6.el7_9 | nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 | nss-softokn-freebl:3.28.3-6.el7 |
Low | CVE-2019-17023 | nss-softokn-freebl | 3.28.3-6.el7 | 3.53.1-6.el7_9 | nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state | nss-softokn-freebl:3.28.3-6.el7 |
Low | CVE-2019-11727 | nss-sysinit | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 | nss-sysinit:3.28.4-8.el7 |
Low | CVE-2019-17023 | nss-sysinit | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state | nss-sysinit:3.28.4-8.el7 |
Low | CVE-2019-11727 | nss-tools | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 | nss-tools:3.28.4-8.el7 |
Low | CVE-2019-17023 | nss-tools | 3.28.4-8.el7 | 3.53.1-3.el7_9 | nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state | nss-tools:3.28.4-8.el7 |
Low | CVE-2019-11727 | nss-util | 3.28.4-3.el7 | 3.53.1-1.el7_9 | nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 | nss-util:3.28.4-3.el7 |
Low | CVE-2019-17023 | nss-util | 3.28.4-3.el7 | 3.53.1-1.el7_9 | nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state | nss-util:3.28.4-3.el7 |
Low | CVE-2017-3735 | openssl-libs | 1:1.0.2k-8.el7 | 1:1.0.2k-16.el7 | openssl: Malformed X.509 IPAdressFamily could cause OOB read | openssl-libs:1:1.0.2k-8.el7 |
Low | CVE-2017-3738 | openssl-libs | 1:1.0.2k-8.el7 | 1:1.0.2k-12.el7 | openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 | openssl-libs:1:1.0.2k-8.el7 |
Low | CVE-2018-0734 | openssl-libs | 1:1.0.2k-8.el7 | 1:1.0.2k-19.el7 | openssl: timing side channel attack in the DSA signature algorithm | openssl-libs:1:1.0.2k-8.el7 |
Low | CVE-2018-0735 | openssl-libs | 1:1.0.2k-8.el7 | 1:1.0.2k-16.el7_6.1 | openssl: timing side channel attack in the ECDSA signature generation | openssl-libs:1:1.0.2k-8.el7 |
Low | CVE-2018-0737 | openssl-libs | 1:1.0.2k-8.el7 | 1:1.0.2k-16.el7 | openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys | openssl-libs:1:1.0.2k-8.el7 |
Low | CVE-2018-1060 | python | 2.7.5-58.el7 | 2.7.5-76.el7 | python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib | python:2.7.5-58.el7 |
Low | CVE-2018-1060 | python-libs | 2.7.5-58.el7 | 2.7.5-76.el7 | python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib | python-libs:2.7.5-58.el7 |
Low | CVE-2018-1113 | setup | 2.8.71-7.el7 | 2.8.71-10.el7 | setup: nologin listed in /etc/shells violates security expectations | setup:2.8.71-7.el7 |
Low | CVE-2018-16888 | systemd | 219-42.el7 | 219-67.el7 | systemd: kills privileged process if unprivileged PIDFile was tampered | systemd:219-42.el7 |
Low | CVE-2019-20386 | systemd | 219-42.el7 | 219-78.el7 | systemd: memory leak in button_open() in login/logind-button.c when udev events are received | systemd:219-42.el7 |
Low | CVE-2019-3815 | systemd | 219-42.el7 | 219-62.el7_6.3 | systemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864 | systemd:219-42.el7 |
Low | CVE-2018-16888 | systemd-libs | 219-42.el7 | 219-67.el7 | systemd: kills privileged process if unprivileged PIDFile was tampered | systemd-libs:219-42.el7 |
Low | CVE-2019-20386 | systemd-libs | 219-42.el7 | 219-78.el7 | systemd: memory leak in button_open() in login/logind-button.c when udev events are received | systemd-libs:219-42.el7 |
Low | CVE-2019-3815 | systemd-libs | 219-42.el7 | 219-62.el7_6.3 | systemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864 | systemd-libs:219-42.el7 |
Low | CVE-2017-3589 | mysql:mysql-connector-java | 5.1.25 | 5.1.42 | mysql-connector-java: Connector/J unspecified vulnerability (CPU Apr 2017) | mysql:mysql-connector-java:5.1.25 |
Low | CVE-2020-2933 | mysql:mysql-connector-java | 5.1.25 | 5.1.49 | mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS | mysql:mysql-connector-java:5.1.25 |
Low | CVE-2021-34428 | org.eclipse.jetty:jetty-server | 8.1.14.v20131031 | 9.4.40.v20210413, 10.0.3, 11.0.3 | jetty: SessionListener can prevent a session from being invalidated breaking logout | org.eclipse.jetty:jetty-server:8.1.14.v20131031 |
Command | Notes |
---|---|
ADD file:d6a1da927f0b7a710092fca7e3f021d2757fa3006cdbda3fe0898114832eda9b in / | Vulnerable packages, installed in this layer 6 years ago |
LABEL name=CentOS Base Image vendor=CentOS license=GPLv2 build-date=20170911 | |
CMD ["/bin/bash"] | |
MAINTAINER wolv "284530332@qq.com" | |
ADD dir:520fec6ada9e714f8fd50718cf76b33a0c7b3556b202e47a0346dcfa550753aa in /opt/jdk1.7.0_80 | Vulnerable packages, installed in this layer 6 years ago |
ADD dir:2d940afb8f4631d04840f17812793bbc0ad31f4477e93ee5ff5ed54981bcfeb2 in /opt/apache-tomcat | Vulnerable package, installed in this layer 6 years ago |
ENV JAVA_HOME=/opt/jdk1.7.0_80 | |
ENV CATALINA_HOME=/opt/apache-tomcat | |
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/jdk1.7.0_80/bin:/opt/apache-tomcat/bin | |
EXPOSE 8080/tcp 8443/tcp 9004/tcp | |
ENTRYPOINT ["/bin/sh" "-c" "/opt/apache-tomcat/bin/catalina.sh run"] | |
Dynamic Analysis Results
The following graph outlines the most important system events generated by the container:
The container starts a service that renders the following contents over port 8080:
The container produces the following text output: