jsindy/bitcoind-regtest
Region: us-east-1
Scan Summary
High vulnerabilities
16Malicious files
0Last scan
1 year, 9 months ago
Type of scan
Prevasio CSPMScan duration
1 minute and 1 secondImage Details
Image URI
jsindy/bitcoind-regtestImage tags
0.1Digest
—Created
6 years ago
Compressed size
52.28 MBUncompressed size
100.9 MBOS/architecture
linux/amd64OS distribution
ubuntu 16.04Working directory
bitcoinENTRYPOINT
docker-entrypoint.shCMD
btc_oneshotUser
—Ports
18332/tcp18333/tcp
8332/tcp
8333/tcp
Volumes
/bitcoinEnvironment variables
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOME=/bitcoin
USER_ID=1000
GROUP_ID=1000
GOSU_VERSION=1.7
Overview
Critical
0High
16Medium
109Low
82Informational
0Vulnerabilities (207)
Severity | Name | Package | Version | Fixed in | Description | Package:version |
---|---|---|---|---|---|---|
High | CVE-2019-3462 | apt | 1.2.24 | 1.2.29ubuntu0.1 | Incorrect sanitation of the 302 redirect field in HTTP transport metho ... | apt:1.2.24 |
High | CVE-2019-3462 | libapt-pkg5.0 | 1.2.24 | 1.2.29ubuntu0.1 | Incorrect sanitation of the 302 redirect field in HTTP transport metho ... | libapt-pkg5.0:1.2.24 |
High | CVE-2018-1000001 | libc-bin | 2.23-0ubuntu9 | 2.23-0ubuntu10 | glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation | libc-bin:2.23-0ubuntu9 |
High | CVE-2018-1000001 | libc6 | 2.23-0ubuntu9 | 2.23-0ubuntu10 | glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation | libc6:2.23-0ubuntu9 |
High | CVE-2020-1971 | libssl1.0.0 | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.18 | openssl: EDIPARTYNAME NULL pointer de-reference | libssl1.0.0:1.0.2g-1ubuntu4.8 |
High | CVE-2018-16864 | libsystemd0 | 229-4ubuntu19 | 229-4ubuntu21.15 | systemd: stack overflow when calling syslog from a command with long cmdline | libsystemd0:229-4ubuntu19 |
High | CVE-2018-16865 | libsystemd0 | 229-4ubuntu19 | 229-4ubuntu21.15 | systemd: stack overflow when receiving many journald entries | libsystemd0:229-4ubuntu19 |
High | CVE-2018-16864 | libudev1 | 229-4ubuntu19 | 229-4ubuntu21.15 | systemd: stack overflow when calling syslog from a command with long cmdline | libudev1:229-4ubuntu19 |
High | CVE-2018-16865 | libudev1 | 229-4ubuntu19 | 229-4ubuntu21.15 | systemd: stack overflow when receiving many journald entries | libudev1:229-4ubuntu19 |
High | CVE-2019-13132 | libzmq5 | 4.1.4-7 | 4.1.4-7ubuntu0.1 | zeromq: stack-overflow on any server protected by encryption/authentication | libzmq5:4.1.4-7 |
High | CVE-2018-1000001 | multiarch-support | 2.23-0ubuntu9 | 2.23-0ubuntu10 | glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation | multiarch-support:2.23-0ubuntu9 |
High | CVE-2020-1971 | openssl | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.18 | openssl: EDIPARTYNAME NULL pointer de-reference | openssl:1.0.2g-1ubuntu4.8 |
High | CVE-2018-16864 | systemd | 229-4ubuntu19 | 229-4ubuntu21.15 | systemd: stack overflow when calling syslog from a command with long cmdline | systemd:229-4ubuntu19 |
High | CVE-2018-16865 | systemd | 229-4ubuntu19 | 229-4ubuntu21.15 | systemd: stack overflow when receiving many journald entries | systemd:229-4ubuntu19 |
High | CVE-2018-16864 | systemd-sysv | 229-4ubuntu19 | 229-4ubuntu21.15 | systemd: stack overflow when calling syslog from a command with long cmdline | systemd-sysv:229-4ubuntu19 |
High | CVE-2018-16865 | systemd-sysv | 229-4ubuntu19 | 229-4ubuntu21.15 | systemd: stack overflow when receiving many journald entries | systemd-sysv:229-4ubuntu19 |
Medium | CVE-2020-27350 | apt | 1.2.24 | 1.2.32ubuntu0.2 | apt: integer overflows and underflows while parsing .deb packages | apt:1.2.24 |
Medium | CVE-2020-3810 | apt | 1.2.24 | 1.2.32ubuntu0.1 | Missing input validation in the ar/tar implementations of APT before v ... | apt:1.2.24 |
Medium | CVE-2019-5094 | e2fslibs | 1.42.13-1ubuntu1 | 1.42.13-1ubuntu1.1 | e2fsprogs: Crafted ext4 partition leads to out-of-bounds write | e2fslibs:1.42.13-1ubuntu1 |
Medium | CVE-2019-5188 | e2fslibs | 1.42.13-1ubuntu1 | 1.42.13-1ubuntu1.2 | e2fsprogs: Out-of-bounds write in e2fsck/rehash.c | e2fslibs:1.42.13-1ubuntu1 |
Medium | CVE-2019-5094 | e2fsprogs | 1.42.13-1ubuntu1 | 1.42.13-1ubuntu1.1 | e2fsprogs: Crafted ext4 partition leads to out-of-bounds write | e2fsprogs:1.42.13-1ubuntu1 |
Medium | CVE-2019-5188 | e2fsprogs | 1.42.13-1ubuntu1 | 1.42.13-1ubuntu1.2 | e2fsprogs: Out-of-bounds write in e2fsck/rehash.c | e2fsprogs:1.42.13-1ubuntu1 |
Medium | CVE-2017-7526 | gnupg | 1.4.20-1ubuntu3.1 | 1.4.20-1ubuntu3.3 | libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery | gnupg:1.4.20-1ubuntu3.1 |
Medium | CVE-2018-12020 | gnupg | 1.4.20-1ubuntu3.1 | 1.4.20-1ubuntu3.2 | gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification | gnupg:1.4.20-1ubuntu3.1 |
Medium | CVE-2017-7526 | gpgv | 1.4.20-1ubuntu3.1 | 1.4.20-1ubuntu3.3 | libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery | gpgv:1.4.20-1ubuntu3.1 |
Medium | CVE-2018-12020 | gpgv | 1.4.20-1ubuntu3.1 | 1.4.20-1ubuntu3.2 | gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification | gpgv:1.4.20-1ubuntu3.1 |
Medium | CVE-2020-27350 | libapt-pkg5.0 | 1.2.24 | 1.2.32ubuntu0.2 | apt: integer overflows and underflows while parsing .deb packages | libapt-pkg5.0:1.2.24 |
Medium | CVE-2020-3810 | libapt-pkg5.0 | 1.2.24 | 1.2.32ubuntu0.1 | Missing input validation in the ar/tar implementations of APT before v ... | libapt-pkg5.0:1.2.24 |
Medium | CVE-2019-12900 | libbz2-1.0 | 1.0.6-8 | 1.0.6-8ubuntu0.2 | bzip2: out-of-bounds write in function BZ2_decompress | libbz2-1.0:1.0.6-8 |
Medium | CVE-2017-18269 | libc-bin | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: memory corruption in memcpy-sse2-unaligned.S | libc-bin:2.23-0ubuntu9 |
Medium | CVE-2018-11236 | libc-bin | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow | libc-bin:2.23-0ubuntu9 |
Medium | CVE-2018-11237 | libc-bin | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper | libc-bin:2.23-0ubuntu9 |
Medium | CVE-2018-6485 | libc-bin | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: Integer overflow in posix_memalign in memalign functions | libc-bin:2.23-0ubuntu9 |
Medium | CVE-2020-1751 | libc-bin | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: array overflow in backtrace functions for powerpc | libc-bin:2.23-0ubuntu9 |
Medium | CVE-2017-18269 | libc6 | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: memory corruption in memcpy-sse2-unaligned.S | libc6:2.23-0ubuntu9 |
Medium | CVE-2018-11236 | libc6 | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow | libc6:2.23-0ubuntu9 |
Medium | CVE-2018-11237 | libc6 | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper | libc6:2.23-0ubuntu9 |
Medium | CVE-2018-6485 | libc6 | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: Integer overflow in posix_memalign in memalign functions | libc6:2.23-0ubuntu9 |
Medium | CVE-2020-1751 | libc6 | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: array overflow in backtrace functions for powerpc | libc6:2.23-0ubuntu9 |
Medium | CVE-2019-5094 | libcomerr2 | 1.42.13-1ubuntu1 | 1.42.13-1ubuntu1.1 | e2fsprogs: Crafted ext4 partition leads to out-of-bounds write | libcomerr2:1.42.13-1ubuntu1 |
Medium | CVE-2019-5188 | libcomerr2 | 1.42.13-1ubuntu1 | 1.42.13-1ubuntu1.2 | e2fsprogs: Out-of-bounds write in e2fsck/rehash.c | libcomerr2:1.42.13-1ubuntu1 |
Medium | CVE-2017-10140 | libdb5.3 | 5.3.28-11 | 5.3.28-11ubuntu0.1 | libdb: Reads DB_CONFIG from the current working directory | libdb5.3:5.3.28-11 |
Medium | CVE-2019-8457 | libdb5.3 | 5.3.28-11 | 5.3.28-11ubuntu0.2 | sqlite: heap out-of-bound read in function rtreenode() | libdb5.3:5.3.28-11 |
Medium | CVE-2019-13627 | libgcrypt20 | 1.6.5-2ubuntu0.3 | 1.6.5-2ubuntu0.6 | libgcrypt: ECDSA timing attack allowing private key leak | libgcrypt20:1.6.5-2ubuntu0.3 |
Medium | CVE-2017-14062 | libidn11 | 1.32-3ubuntu1.1 | 1.32-3ubuntu1.2 | libidn2: Integer overflow in puny_decode.c/decode_digit | libidn11:1.32-3ubuntu1.1 |
Medium | CVE-2017-1000494 | libminiupnpc10 | 1.9.20140610-2ubuntu2.16.04.1 | 1.9.20140610-2ubuntu2.16.04.2 | Uninitialized stack variable vulnerability in NameValueParserEndElt (u ... | libminiupnpc10:1.9.20140610-2ubuntu2.16.04.1 |
Medium | CVE-2018-1122 | libprocps4 | 2:3.3.10-4ubuntu2.3 | 2:3.3.10-4ubuntu2.4 | procps-ng, procps: Local privilege escalation in top | libprocps4:2:3.3.10-4ubuntu2.3 |
Medium | CVE-2018-1123 | libprocps4 | 2:3.3.10-4ubuntu2.3 | 2:3.3.10-4ubuntu2.4 | procps-ng, procps: denial of service in ps via mmap buffer overflow | libprocps4:2:3.3.10-4ubuntu2.3 |
Medium | CVE-2018-1124 | libprocps4 | 2:3.3.10-4ubuntu2.3 | 2:3.3.10-4ubuntu2.4 | procps-ng, procps: Integer overflows leading to heap overflow in file2strvec | libprocps4:2:3.3.10-4ubuntu2.3 |
Medium | CVE-2018-1125 | libprocps4 | 2:3.3.10-4ubuntu2.3 | 2:3.3.10-4ubuntu2.4 | procps-ng, procps: stack buffer overflow in pgrep | libprocps4:2:3.3.10-4ubuntu2.3 |
Medium | CVE-2018-1126 | libprocps4 | 2:3.3.10-4ubuntu2.3 | 2:3.3.10-4ubuntu2.4 | procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues | libprocps4:2:3.3.10-4ubuntu2.3 |
Medium | CVE-2019-9893 | libseccomp2 | 2.2.3-3ubuntu3 | 2.4.1-0ubuntu0.16.04.2 | libseccomp: incorrect generation of syscall filters in libseccomp | libseccomp2:2.2.3-3ubuntu3 |
Medium | CVE-2019-5094 | libss2 | 1.42.13-1ubuntu1 | 1.42.13-1ubuntu1.1 | e2fsprogs: Crafted ext4 partition leads to out-of-bounds write | libss2:1.42.13-1ubuntu1 |
Medium | CVE-2019-5188 | libss2 | 1.42.13-1ubuntu1 | 1.42.13-1ubuntu1.2 | e2fsprogs: Out-of-bounds write in e2fsck/rehash.c | libss2:1.42.13-1ubuntu1 |
Medium | CVE-2017-3736 | libssl1.0.0 | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.9 | openssl: bn_sqrx8x_internal carry bug on x86_64 | libssl1.0.0:1.0.2g-1ubuntu4.8 |
Medium | CVE-2017-3737 | libssl1.0.0 | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.10 | openssl: Read/write after SSL object in error state | libssl1.0.0:1.0.2g-1ubuntu4.8 |
Medium | CVE-2018-0739 | libssl1.0.0 | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.11 | openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service | libssl1.0.0:1.0.2g-1ubuntu4.8 |
Medium | CVE-2019-1559 | libssl1.0.0 | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.15 | openssl: 0-byte record padding oracle | libssl1.0.0:1.0.2g-1ubuntu4.8 |
Medium | CVE-2021-23841 | libssl1.0.0 | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.19 | openssl: NULL pointer dereference in X509_issuer_and_serial_hash() | libssl1.0.0:1.0.2g-1ubuntu4.8 |
Medium | CVE-2017-15908 | libsystemd0 | 229-4ubuntu19 | 229-4ubuntu21.1 | systemd: Infinite loop in the dns_packet_read_type_window() function | libsystemd0:229-4ubuntu19 |
Medium | CVE-2018-1049 | libsystemd0 | 229-4ubuntu19 | 229-4ubuntu21.1 | systemd: automount: access to automounted volumes can lock up | libsystemd0:229-4ubuntu19 |
Medium | CVE-2018-15686 | libsystemd0 | 229-4ubuntu19 | 229-4ubuntu21.8 | systemd: line splitting via fgets() allows for state injection during daemon-reexec | libsystemd0:229-4ubuntu19 |
Medium | CVE-2018-15687 | libsystemd0 | 229-4ubuntu19 | 229-4ubuntu21.8 | systemd: Dereference of symlinks in chown_recursive.c:chown_one() allows for modification of file privileges | libsystemd0:229-4ubuntu19 |
Medium | CVE-2018-15688 | libsystemd0 | 229-4ubuntu19 | 229-4ubuntu21.6 | systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling | libsystemd0:229-4ubuntu19 |
Medium | CVE-2018-16866 | libsystemd0 | 229-4ubuntu19 | 229-4ubuntu21.15 | systemd: out-of-bounds read when parsing a crafted syslog message | libsystemd0:229-4ubuntu19 |
Medium | CVE-2018-6954 | libsystemd0 | 229-4ubuntu19 | 229-4ubuntu21.15 | systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files | libsystemd0:229-4ubuntu19 |
Medium | CVE-2019-3842 | libsystemd0 | 229-4ubuntu19 | 229-4ubuntu21.21 | systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" | libsystemd0:229-4ubuntu19 |
Medium | CVE-2019-6454 | libsystemd0 | 229-4ubuntu19 | 229-4ubuntu21.16 | systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash | libsystemd0:229-4ubuntu19 |
Medium | CVE-2020-1712 | libsystemd0 | 229-4ubuntu19 | 229-4ubuntu21.27 | systemd: use-after-free when asynchronous polkit queries are performed | libsystemd0:229-4ubuntu19 |
Medium | CVE-2017-15908 | libudev1 | 229-4ubuntu19 | 229-4ubuntu21.1 | systemd: Infinite loop in the dns_packet_read_type_window() function | libudev1:229-4ubuntu19 |
Medium | CVE-2018-1049 | libudev1 | 229-4ubuntu19 | 229-4ubuntu21.1 | systemd: automount: access to automounted volumes can lock up | libudev1:229-4ubuntu19 |
Medium | CVE-2018-15686 | libudev1 | 229-4ubuntu19 | 229-4ubuntu21.8 | systemd: line splitting via fgets() allows for state injection during daemon-reexec | libudev1:229-4ubuntu19 |
Medium | CVE-2018-15687 | libudev1 | 229-4ubuntu19 | 229-4ubuntu21.8 | systemd: Dereference of symlinks in chown_recursive.c:chown_one() allows for modification of file privileges | libudev1:229-4ubuntu19 |
Medium | CVE-2018-15688 | libudev1 | 229-4ubuntu19 | 229-4ubuntu21.6 | systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling | libudev1:229-4ubuntu19 |
Medium | CVE-2018-16866 | libudev1 | 229-4ubuntu19 | 229-4ubuntu21.15 | systemd: out-of-bounds read when parsing a crafted syslog message | libudev1:229-4ubuntu19 |
Medium | CVE-2018-6954 | libudev1 | 229-4ubuntu19 | 229-4ubuntu21.15 | systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files | libudev1:229-4ubuntu19 |
Medium | CVE-2019-3842 | libudev1 | 229-4ubuntu19 | 229-4ubuntu21.21 | systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" | libudev1:229-4ubuntu19 |
Medium | CVE-2019-6454 | libudev1 | 229-4ubuntu19 | 229-4ubuntu21.16 | systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash | libudev1:229-4ubuntu19 |
Medium | CVE-2020-1712 | libudev1 | 229-4ubuntu19 | 229-4ubuntu21.27 | systemd: use-after-free when asynchronous polkit queries are performed | libudev1:229-4ubuntu19 |
Medium | CVE-2017-18269 | multiarch-support | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: memory corruption in memcpy-sse2-unaligned.S | multiarch-support:2.23-0ubuntu9 |
Medium | CVE-2018-11236 | multiarch-support | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow | multiarch-support:2.23-0ubuntu9 |
Medium | CVE-2018-11237 | multiarch-support | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper | multiarch-support:2.23-0ubuntu9 |
Medium | CVE-2018-6485 | multiarch-support | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: Integer overflow in posix_memalign in memalign functions | multiarch-support:2.23-0ubuntu9 |
Medium | CVE-2020-1751 | multiarch-support | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: array overflow in backtrace functions for powerpc | multiarch-support:2.23-0ubuntu9 |
Medium | CVE-2017-3736 | openssl | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.9 | openssl: bn_sqrx8x_internal carry bug on x86_64 | openssl:1.0.2g-1ubuntu4.8 |
Medium | CVE-2017-3737 | openssl | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.10 | openssl: Read/write after SSL object in error state | openssl:1.0.2g-1ubuntu4.8 |
Medium | CVE-2018-0739 | openssl | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.11 | openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service | openssl:1.0.2g-1ubuntu4.8 |
Medium | CVE-2019-1559 | openssl | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.15 | openssl: 0-byte record padding oracle | openssl:1.0.2g-1ubuntu4.8 |
Medium | CVE-2021-23841 | openssl | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.19 | openssl: NULL pointer dereference in X509_issuer_and_serial_hash() | openssl:1.0.2g-1ubuntu4.8 |
Medium | CVE-2017-12837 | perl-base | 5.22.1-9 | 5.22.1-9ubuntu0.2 | perl: Heap buffer overflow in regular expression compiler | perl-base:5.22.1-9 |
Medium | CVE-2017-12883 | perl-base | 5.22.1-9 | 5.22.1-9ubuntu0.2 | perl: Buffer over-read in regular expression parser | perl-base:5.22.1-9 |
Medium | CVE-2018-12015 | perl-base | 5.22.1-9 | 5.22.1-9ubuntu0.5 | perl: Directory traversal in Archive::Tar | perl-base:5.22.1-9 |
Medium | CVE-2018-18311 | perl-base | 5.22.1-9 | 5.22.1-9ubuntu0.6 | perl: Integer overflow leading to buffer overflow in Perl_my_setenv() | perl-base:5.22.1-9 |
Medium | CVE-2018-18312 | perl-base | 5.22.1-9 | 5.22.1-9ubuntu0.6 | perl: Heap-based buffer overflow in S_handle_regex_sets() | perl-base:5.22.1-9 |
Medium | CVE-2018-18313 | perl-base | 5.22.1-9 | 5.22.1-9ubuntu0.6 | perl: Heap-based buffer read overflow in S_grok_bslash_N() | perl-base:5.22.1-9 |
Medium | CVE-2018-18314 | perl-base | 5.22.1-9 | 5.22.1-9ubuntu0.6 | perl: Heap-based buffer overflow in S_regatom() | perl-base:5.22.1-9 |
Medium | CVE-2018-6797 | perl-base | 5.22.1-9 | 5.22.1-9ubuntu0.3 | perl: heap write overflow in regcomp.c | perl-base:5.22.1-9 |
Medium | CVE-2018-6798 | perl-base | 5.22.1-9 | 5.22.1-9ubuntu0.3 | perl: heap read overflow in regexec.c | perl-base:5.22.1-9 |
Medium | CVE-2018-6913 | perl-base | 5.22.1-9 | 5.22.1-9ubuntu0.3 | perl: heap buffer overflow in pp_pack.c | perl-base:5.22.1-9 |
Medium | CVE-2018-1122 | procps | 2:3.3.10-4ubuntu2.3 | 2:3.3.10-4ubuntu2.4 | procps-ng, procps: Local privilege escalation in top | procps:2:3.3.10-4ubuntu2.3 |
Medium | CVE-2018-1123 | procps | 2:3.3.10-4ubuntu2.3 | 2:3.3.10-4ubuntu2.4 | procps-ng, procps: denial of service in ps via mmap buffer overflow | procps:2:3.3.10-4ubuntu2.3 |
Medium | CVE-2018-1124 | procps | 2:3.3.10-4ubuntu2.3 | 2:3.3.10-4ubuntu2.4 | procps-ng, procps: Integer overflows leading to heap overflow in file2strvec | procps:2:3.3.10-4ubuntu2.3 |
Medium | CVE-2018-1125 | procps | 2:3.3.10-4ubuntu2.3 | 2:3.3.10-4ubuntu2.4 | procps-ng, procps: stack buffer overflow in pgrep | procps:2:3.3.10-4ubuntu2.3 |
Medium | CVE-2018-1126 | procps | 2:3.3.10-4ubuntu2.3 | 2:3.3.10-4ubuntu2.4 | procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues | procps:2:3.3.10-4ubuntu2.3 |
Medium | CVE-2017-17512 | sensible-utils | 0.0.9 | 0.0.9ubuntu0.16.04.1 | sensible-browser in sensible-utils before 0.0.11 does not validate str ... | sensible-utils:0.0.9 |
Medium | CVE-2017-15908 | systemd | 229-4ubuntu19 | 229-4ubuntu21.1 | systemd: Infinite loop in the dns_packet_read_type_window() function | systemd:229-4ubuntu19 |
Medium | CVE-2018-1049 | systemd | 229-4ubuntu19 | 229-4ubuntu21.1 | systemd: automount: access to automounted volumes can lock up | systemd:229-4ubuntu19 |
Medium | CVE-2018-15686 | systemd | 229-4ubuntu19 | 229-4ubuntu21.8 | systemd: line splitting via fgets() allows for state injection during daemon-reexec | systemd:229-4ubuntu19 |
Medium | CVE-2018-15687 | systemd | 229-4ubuntu19 | 229-4ubuntu21.8 | systemd: Dereference of symlinks in chown_recursive.c:chown_one() allows for modification of file privileges | systemd:229-4ubuntu19 |
Medium | CVE-2018-15688 | systemd | 229-4ubuntu19 | 229-4ubuntu21.6 | systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling | systemd:229-4ubuntu19 |
Medium | CVE-2018-16866 | systemd | 229-4ubuntu19 | 229-4ubuntu21.15 | systemd: out-of-bounds read when parsing a crafted syslog message | systemd:229-4ubuntu19 |
Medium | CVE-2018-6954 | systemd | 229-4ubuntu19 | 229-4ubuntu21.15 | systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files | systemd:229-4ubuntu19 |
Medium | CVE-2019-3842 | systemd | 229-4ubuntu19 | 229-4ubuntu21.21 | systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" | systemd:229-4ubuntu19 |
Medium | CVE-2019-6454 | systemd | 229-4ubuntu19 | 229-4ubuntu21.16 | systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash | systemd:229-4ubuntu19 |
Medium | CVE-2020-1712 | systemd | 229-4ubuntu19 | 229-4ubuntu21.27 | systemd: use-after-free when asynchronous polkit queries are performed | systemd:229-4ubuntu19 |
Medium | CVE-2017-15908 | systemd-sysv | 229-4ubuntu19 | 229-4ubuntu21.1 | systemd: Infinite loop in the dns_packet_read_type_window() function | systemd-sysv:229-4ubuntu19 |
Medium | CVE-2018-1049 | systemd-sysv | 229-4ubuntu19 | 229-4ubuntu21.1 | systemd: automount: access to automounted volumes can lock up | systemd-sysv:229-4ubuntu19 |
Medium | CVE-2018-15686 | systemd-sysv | 229-4ubuntu19 | 229-4ubuntu21.8 | systemd: line splitting via fgets() allows for state injection during daemon-reexec | systemd-sysv:229-4ubuntu19 |
Medium | CVE-2018-15687 | systemd-sysv | 229-4ubuntu19 | 229-4ubuntu21.8 | systemd: Dereference of symlinks in chown_recursive.c:chown_one() allows for modification of file privileges | systemd-sysv:229-4ubuntu19 |
Medium | CVE-2018-15688 | systemd-sysv | 229-4ubuntu19 | 229-4ubuntu21.6 | systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling | systemd-sysv:229-4ubuntu19 |
Medium | CVE-2018-16866 | systemd-sysv | 229-4ubuntu19 | 229-4ubuntu21.15 | systemd: out-of-bounds read when parsing a crafted syslog message | systemd-sysv:229-4ubuntu19 |
Medium | CVE-2018-6954 | systemd-sysv | 229-4ubuntu19 | 229-4ubuntu21.15 | systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files | systemd-sysv:229-4ubuntu19 |
Medium | CVE-2019-3842 | systemd-sysv | 229-4ubuntu19 | 229-4ubuntu21.21 | systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" | systemd-sysv:229-4ubuntu19 |
Medium | CVE-2019-6454 | systemd-sysv | 229-4ubuntu19 | 229-4ubuntu21.16 | systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash | systemd-sysv:229-4ubuntu19 |
Medium | CVE-2020-1712 | systemd-sysv | 229-4ubuntu19 | 229-4ubuntu21.27 | systemd: use-after-free when asynchronous polkit queries are performed | systemd-sysv:229-4ubuntu19 |
Low | CVE-2019-9924 | bash | 4.3-14ubuntu1.2 | 4.3-14ubuntu1.4 | bash: BASH_CMD is writable in restricted bash shells | bash:4.3-14ubuntu1.2 |
Low | CVE-2016-3189 | libbz2-1.0 | 1.0.6-8 | 1.0.6-8ubuntu0.1 | bzip2: heap use after free in bzip2recover | libbz2-1.0:1.0.6-8 |
Low | CVE-2009-5155 | libc-bin | 2.23-0ubuntu9 | 2.23-0ubuntu11.3 | glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result | libc-bin:2.23-0ubuntu9 |
Low | CVE-2017-1000408 | libc-bin | 2.23-0ubuntu9 | 2.23-0ubuntu10 | glibc: Memory leak reachable via LD_HWCAP_MASK | libc-bin:2.23-0ubuntu9 |
Low | CVE-2017-1000409 | libc-bin | 2.23-0ubuntu9 | 2.23-0ubuntu10 | glibc: Buffer overflow triggerable via LD_LIBRARY_PATH | libc-bin:2.23-0ubuntu9 |
Low | CVE-2017-12133 | libc-bin | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: Use-after-free read access in clntudp_call in sunrpc | libc-bin:2.23-0ubuntu9 |
Low | CVE-2017-15670 | libc-bin | 2.23-0ubuntu9 | 2.23-0ubuntu10 | glibc: Buffer overflow in glob with GLOB_TILDE | libc-bin:2.23-0ubuntu9 |
Low | CVE-2017-15804 | libc-bin | 2.23-0ubuntu9 | 2.23-0ubuntu10 | glibc: Buffer overflow during unescaping of user names with the ~ operator | libc-bin:2.23-0ubuntu9 |
Low | CVE-2017-16997 | libc-bin | 2.23-0ubuntu9 | 2.23-0ubuntu10 | glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries | libc-bin:2.23-0ubuntu9 |
Low | CVE-2019-19126 | libc-bin | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries | libc-bin:2.23-0ubuntu9 |
Low | CVE-2019-9169 | libc-bin | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read | libc-bin:2.23-0ubuntu9 |
Low | CVE-2020-10029 | libc-bin | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions | libc-bin:2.23-0ubuntu9 |
Low | CVE-2020-1752 | libc-bin | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: use-after-free in glob() function when expanding ~user | libc-bin:2.23-0ubuntu9 |
Low | CVE-2020-6096 | libc-bin | 2.23-0ubuntu9 | 2.23-0ubuntu11.3 | glibc: signed comparison vulnerability in the ARMv7 memcpy function | libc-bin:2.23-0ubuntu9 |
Low | CVE-2009-5155 | libc6 | 2.23-0ubuntu9 | 2.23-0ubuntu11.3 | glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result | libc6:2.23-0ubuntu9 |
Low | CVE-2017-1000408 | libc6 | 2.23-0ubuntu9 | 2.23-0ubuntu10 | glibc: Memory leak reachable via LD_HWCAP_MASK | libc6:2.23-0ubuntu9 |
Low | CVE-2017-1000409 | libc6 | 2.23-0ubuntu9 | 2.23-0ubuntu10 | glibc: Buffer overflow triggerable via LD_LIBRARY_PATH | libc6:2.23-0ubuntu9 |
Low | CVE-2017-12133 | libc6 | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: Use-after-free read access in clntudp_call in sunrpc | libc6:2.23-0ubuntu9 |
Low | CVE-2017-15670 | libc6 | 2.23-0ubuntu9 | 2.23-0ubuntu10 | glibc: Buffer overflow in glob with GLOB_TILDE | libc6:2.23-0ubuntu9 |
Low | CVE-2017-15804 | libc6 | 2.23-0ubuntu9 | 2.23-0ubuntu10 | glibc: Buffer overflow during unescaping of user names with the ~ operator | libc6:2.23-0ubuntu9 |
Low | CVE-2017-16997 | libc6 | 2.23-0ubuntu9 | 2.23-0ubuntu10 | glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries | libc6:2.23-0ubuntu9 |
Low | CVE-2019-19126 | libc6 | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries | libc6:2.23-0ubuntu9 |
Low | CVE-2019-9169 | libc6 | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read | libc6:2.23-0ubuntu9 |
Low | CVE-2020-10029 | libc6 | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions | libc6:2.23-0ubuntu9 |
Low | CVE-2020-1752 | libc6 | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: use-after-free in glob() function when expanding ~user | libc6:2.23-0ubuntu9 |
Low | CVE-2020-6096 | libc6 | 2.23-0ubuntu9 | 2.23-0ubuntu11.3 | glibc: signed comparison vulnerability in the ARMv7 memcpy function | libc6:2.23-0ubuntu9 |
Low | CVE-2018-0495 | libgcrypt20 | 1.6.5-2ubuntu0.3 | 1.6.5-2ubuntu0.5 | ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries | libgcrypt20:1.6.5-2ubuntu0.3 |
Low | CVE-2017-3735 | libssl1.0.0 | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.9 | openssl: Malformed X.509 IPAdressFamily could cause OOB read | libssl1.0.0:1.0.2g-1ubuntu4.8 |
Low | CVE-2017-3738 | libssl1.0.0 | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.10 | openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 | libssl1.0.0:1.0.2g-1ubuntu4.8 |
Low | CVE-2018-0495 | libssl1.0.0 | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.13 | ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries | libssl1.0.0:1.0.2g-1ubuntu4.8 |
Low | CVE-2018-0732 | libssl1.0.0 | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.13 | openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang | libssl1.0.0:1.0.2g-1ubuntu4.8 |
Low | CVE-2018-0734 | libssl1.0.0 | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.14 | openssl: timing side channel attack in the DSA signature algorithm | libssl1.0.0:1.0.2g-1ubuntu4.8 |
Low | CVE-2018-0737 | libssl1.0.0 | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.13 | openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys | libssl1.0.0:1.0.2g-1ubuntu4.8 |
Low | CVE-2018-5407 | libssl1.0.0 | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.14 | openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) | libssl1.0.0:1.0.2g-1ubuntu4.8 |
Low | CVE-2019-1547 | libssl1.0.0 | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.16 | openssl: side-channel weak encryption vulnerability | libssl1.0.0:1.0.2g-1ubuntu4.8 |
Low | CVE-2019-1551 | libssl1.0.0 | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.16 | openssl: Integer overflow in RSAZ modular exponentiation on x86_64 | libssl1.0.0:1.0.2g-1ubuntu4.8 |
Low | CVE-2019-1563 | libssl1.0.0 | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.16 | openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey | libssl1.0.0:1.0.2g-1ubuntu4.8 |
Low | CVE-2020-1968 | libssl1.0.0 | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.17 | openssl: Information exposure when DH secret are reused across multiple TLS connections | libssl1.0.0:1.0.2g-1ubuntu4.8 |
Low | CVE-2021-23840 | libssl1.0.0 | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.19 | openssl: integer overflow in CipherUpdate | libssl1.0.0:1.0.2g-1ubuntu4.8 |
Low | CVE-2018-16888 | libsystemd0 | 229-4ubuntu19 | 229-4ubuntu21.27 | systemd: kills privileged process if unprivileged PIDFile was tampered | libsystemd0:229-4ubuntu19 |
Low | CVE-2019-20386 | libsystemd0 | 229-4ubuntu19 | 229-4ubuntu21.27 | systemd: memory leak in button_open() in login/logind-button.c when udev events are received | libsystemd0:229-4ubuntu19 |
Low | CVE-2018-16888 | libudev1 | 229-4ubuntu19 | 229-4ubuntu21.27 | systemd: kills privileged process if unprivileged PIDFile was tampered | libudev1:229-4ubuntu19 |
Low | CVE-2019-20386 | libudev1 | 229-4ubuntu19 | 229-4ubuntu21.27 | systemd: memory leak in button_open() in login/logind-button.c when udev events are received | libudev1:229-4ubuntu19 |
Low | CVE-2009-5155 | multiarch-support | 2.23-0ubuntu9 | 2.23-0ubuntu11.3 | glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result | multiarch-support:2.23-0ubuntu9 |
Low | CVE-2017-1000408 | multiarch-support | 2.23-0ubuntu9 | 2.23-0ubuntu10 | glibc: Memory leak reachable via LD_HWCAP_MASK | multiarch-support:2.23-0ubuntu9 |
Low | CVE-2017-1000409 | multiarch-support | 2.23-0ubuntu9 | 2.23-0ubuntu10 | glibc: Buffer overflow triggerable via LD_LIBRARY_PATH | multiarch-support:2.23-0ubuntu9 |
Low | CVE-2017-12133 | multiarch-support | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: Use-after-free read access in clntudp_call in sunrpc | multiarch-support:2.23-0ubuntu9 |
Low | CVE-2017-15670 | multiarch-support | 2.23-0ubuntu9 | 2.23-0ubuntu10 | glibc: Buffer overflow in glob with GLOB_TILDE | multiarch-support:2.23-0ubuntu9 |
Low | CVE-2017-15804 | multiarch-support | 2.23-0ubuntu9 | 2.23-0ubuntu10 | glibc: Buffer overflow during unescaping of user names with the ~ operator | multiarch-support:2.23-0ubuntu9 |
Low | CVE-2017-16997 | multiarch-support | 2.23-0ubuntu9 | 2.23-0ubuntu10 | glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries | multiarch-support:2.23-0ubuntu9 |
Low | CVE-2019-19126 | multiarch-support | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries | multiarch-support:2.23-0ubuntu9 |
Low | CVE-2019-9169 | multiarch-support | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read | multiarch-support:2.23-0ubuntu9 |
Low | CVE-2020-10029 | multiarch-support | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions | multiarch-support:2.23-0ubuntu9 |
Low | CVE-2020-1752 | multiarch-support | 2.23-0ubuntu9 | 2.23-0ubuntu11.2 | glibc: use-after-free in glob() function when expanding ~user | multiarch-support:2.23-0ubuntu9 |
Low | CVE-2020-6096 | multiarch-support | 2.23-0ubuntu9 | 2.23-0ubuntu11.3 | glibc: signed comparison vulnerability in the ARMv7 memcpy function | multiarch-support:2.23-0ubuntu9 |
Low | CVE-2017-3735 | openssl | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.9 | openssl: Malformed X.509 IPAdressFamily could cause OOB read | openssl:1.0.2g-1ubuntu4.8 |
Low | CVE-2017-3738 | openssl | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.10 | openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 | openssl:1.0.2g-1ubuntu4.8 |
Low | CVE-2018-0495 | openssl | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.13 | ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries | openssl:1.0.2g-1ubuntu4.8 |
Low | CVE-2018-0732 | openssl | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.13 | openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang | openssl:1.0.2g-1ubuntu4.8 |
Low | CVE-2018-0734 | openssl | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.14 | openssl: timing side channel attack in the DSA signature algorithm | openssl:1.0.2g-1ubuntu4.8 |
Low | CVE-2018-0737 | openssl | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.13 | openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys | openssl:1.0.2g-1ubuntu4.8 |
Low | CVE-2018-5407 | openssl | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.14 | openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) | openssl:1.0.2g-1ubuntu4.8 |
Low | CVE-2019-1547 | openssl | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.16 | openssl: side-channel weak encryption vulnerability | openssl:1.0.2g-1ubuntu4.8 |
Low | CVE-2019-1551 | openssl | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.16 | openssl: Integer overflow in RSAZ modular exponentiation on x86_64 | openssl:1.0.2g-1ubuntu4.8 |
Low | CVE-2019-1563 | openssl | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.16 | openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey | openssl:1.0.2g-1ubuntu4.8 |
Low | CVE-2020-1968 | openssl | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.17 | openssl: Information exposure when DH secret are reused across multiple TLS connections | openssl:1.0.2g-1ubuntu4.8 |
Low | CVE-2021-23840 | openssl | 1.0.2g-1ubuntu4.8 | 1.0.2g-1ubuntu4.19 | openssl: integer overflow in CipherUpdate | openssl:1.0.2g-1ubuntu4.8 |
Low | CVE-2016-6185 | perl-base | 5.22.1-9 | 5.22.1-9ubuntu0.3 | perl: XSLoader loads relative paths not included in @INC | perl-base:5.22.1-9 |
Low | CVE-2017-6512 | perl-base | 5.22.1-9 | 5.22.1-9ubuntu0.3 | perl-File-Path: rmtree/remove_tree race condition | perl-base:5.22.1-9 |
Low | CVE-2020-10543 | perl-base | 5.22.1-9 | 5.22.1-9ubuntu0.9 | perl: heap-based buffer overflow in regular expression compiler leads to DoS | perl-base:5.22.1-9 |
Low | CVE-2020-10878 | perl-base | 5.22.1-9 | 5.22.1-9ubuntu0.9 | perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS | perl-base:5.22.1-9 |
Low | CVE-2020-12723 | perl-base | 5.22.1-9 | 5.22.1-9ubuntu0.9 | perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS | perl-base:5.22.1-9 |
Low | CVE-2018-16888 | systemd | 229-4ubuntu19 | 229-4ubuntu21.27 | systemd: kills privileged process if unprivileged PIDFile was tampered | systemd:229-4ubuntu19 |
Low | CVE-2019-20386 | systemd | 229-4ubuntu19 | 229-4ubuntu21.27 | systemd: memory leak in button_open() in login/logind-button.c when udev events are received | systemd:229-4ubuntu19 |
Low | CVE-2018-16888 | systemd-sysv | 229-4ubuntu19 | 229-4ubuntu21.27 | systemd: kills privileged process if unprivileged PIDFile was tampered | systemd-sysv:229-4ubuntu19 |
Low | CVE-2019-20386 | systemd-sysv | 229-4ubuntu19 | 229-4ubuntu21.27 | systemd: memory leak in button_open() in login/logind-button.c when udev events are received | systemd-sysv:229-4ubuntu19 |
Low | CVE-2018-20482 | tar | 1.28-2.1ubuntu0.1 | 1.28-2.1ubuntu0.2 | tar: Infinite read loop in sparse_dump_region function in sparse.c | tar:1.28-2.1ubuntu0.1 |
Low | CVE-2019-9923 | tar | 1.28-2.1ubuntu0.1 | 1.28-2.1ubuntu0.2 | tar: null-pointer dereference in pax_decode_header in sparse.c | tar:1.28-2.1ubuntu0.1 |
Low | CVE-2016-9840 | zlib1g | 1:1.2.8.dfsg-2ubuntu4.1 | 1:1.2.8.dfsg-2ubuntu4.3 | zlib: Out-of-bounds pointer arithmetic in inftrees.c | zlib1g:1:1.2.8.dfsg-2ubuntu4.1 |
Low | CVE-2016-9841 | zlib1g | 1:1.2.8.dfsg-2ubuntu4.1 | 1:1.2.8.dfsg-2ubuntu4.3 | zlib: Out-of-bounds pointer arithmetic in inffast.c | zlib1g:1:1.2.8.dfsg-2ubuntu4.1 |
Low | CVE-2016-9842 | zlib1g | 1:1.2.8.dfsg-2ubuntu4.1 | 1:1.2.8.dfsg-2ubuntu4.3 | zlib: Undefined left shift of negative number | zlib1g:1:1.2.8.dfsg-2ubuntu4.1 |
Low | CVE-2016-9843 | zlib1g | 1:1.2.8.dfsg-2ubuntu4.1 | 1:1.2.8.dfsg-2ubuntu4.3 | zlib: Big-endian out-of-bounds pointer | zlib1g:1:1.2.8.dfsg-2ubuntu4.1 |
Command
ADD file:39d3593ea220e686d5450244ef9dd6c934e3b288a29212d332ec33942b7bf218 in /
Vulnerable packages, installed in this layer 6 years ago
Command
RUN set -xe &&
echo '#!/bin/sh' > /usr/sbin/policy-rc.d &&
echo 'exit 101' >> /usr/sbin/policy-rc.d &&
chmod +x /usr/sbin/policy-rc.d &&
dpkg-divert --local --rename --add /sbin/initctl &&
cp -a /usr/sbin/policy-rc.d /sbin/initctl &&
sed -i 's/^exit.*/exit 0/' /sbin/initctl &&
echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup &&
echo 'DPkg::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' > /etc/apt/apt.conf.d/docker-clean &&
echo 'APT::Update::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' >> /etc/apt/apt.conf.d/docker-clean &&
echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";' >> /etc/apt/apt.conf.d/docker-clean &&
echo 'Acquire::Languages "none";' > /etc/apt/apt.conf.d/docker-no-languages &&
echo 'Acquire::GzipIndexes "true"; Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/docker-gzip-indexes &&
echo 'Apt::AutoRemove::SuggestsImportant "false";' > /etc/apt/apt.conf.d/docker-autoremove-suggests
Command
RUN rm -rf /var/lib/apt/lists/*
Command
RUN sed -i 's/^#\s*\(deb.*universe\)$/\1/g' /etc/apt/sources.list
Command
RUN mkdir -p /run/systemd &&
echo 'docker' > /run/systemd/container
Command
CMD ["/bin/bash"]
Command
MAINTAINER Kyle Manna <kyle@kylemanna.com>
Command
ARG USER_ID
Command
ARG GROUP_ID
Command
ENV HOME=/bitcoin
Command
ENV USER_ID=1000
Command
ENV GROUP_ID=1000
Command
RUN groupadd -g ${GROUP_ID} bitcoin &&
useradd -u ${USER_ID} -g bitcoin -s /bin/bash -m -d /bitcoin bitcoin
Command
RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C70EF1F0305A1ADB9986DBD8D46F45428842CE5E &&
echo "deb http://ppa.launchpad.net/bitcoin/bitcoin/ubuntu xenial main" > /etc/apt/sources.list.d/bitcoin.list
Command
RUN apt-get update &&
apt-get install -y --no-install-recommends bitcoind &&
apt-get clean &&
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
Vulnerable packages, installed in this layer 6 years ago
Command
ENV GOSU_VERSION=1.7
Command
RUN set -x &&
apt-get update &&
apt-get install -y --no-install-recommends ca-certificates wget &&
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture)" &&
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$(dpkg --print-architecture).asc" &&
export GNUPGHOME="$(mktemp -d)" &&
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 &&
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu &&
rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc &&
chmod +x /usr/local/bin/gosu &&
gosu nobody true &&
apt-get purge -y ca-certificates wget &&
apt-get clean &&
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
Vulnerable packages, installed in this layer 6 years ago
Command
ADD dir:44dc435ddfdec804306206aadaf36c44aa1a3dbd05e63f2e58baf483454d7e38 in /usr/local/bin
Command
VOLUME [/bitcoin]
Command
EXPOSE 18332/tcp 18333/tcp 8332/tcp 8333/tcp
Command
WORKDIR /bitcoin
Command
COPY file:21421837b3708ff9c2d26ddb2070908d2d3b65ddc034f9d9a7320ca6f480bd5c in /usr/local/bin/
Command
ENTRYPOINT ["docker-entrypoint.sh"]
Command
CMD ["btc_oneshot"]
Command
ADD file:439f5827aebb85173c74251eff0fc7f2f52c1b8dff6d1c0e6171505c53529536 in /usr/local/bin/btc_init
Default executable script of the image: usr/local/bin/docker-entrypoint.sh
#!/bin/sh
set -e
# first arg is `-f` or `--some-option`
# or first arg is `something.conf`
if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then
set -- btc_oneshot "$@"
fi
# allow the container to be started with `--user`
if [ "$1" = 'btc_oneshot' -a "$(id -u)" = '0' ]; then
chown -R bitcoin .
exec gosu bitcoin "$0" "$@"
fi
exec "$@"
Dynamic Analysis Results
The following graph outlines the most important system events generated by the container:
The container made the following DNS requests:
Request | Response |
---|---|
A → bitcoin.sipa.be |
CNAME → zps.sipa.be A → 144.217.240.89 |
AAAA → bitcoin.sipa.be |
CNAME → zps.sipa.be AAAA → 2607:5300:201:3100::3b74 |
A → x9.dnsseed.bluematt.me |
A → 5.81.226.135 A → 96.35.53.251 A → 142.112.207.147 A → 81.173.139.14 A → 81.251.223.139 A → 2.230.9.7 A → 46.19.139.118 A → 73.56.202.198 A → 182.52.17.36 A → 95.217.46.214 A → 83.243.133.228 A → 175.43.241.166 A → 18.188.71.57 A → 157.131.198.112 A → 212.5.22.123 A → 47.198.204.108 A → 195.248.240.78 A → 178.128.160.206 A → 152.231.121.236 A → 85.208.69.12 A → 173.31.2.65 |
AAAA → x9.dnsseed.bluematt.me |
AAAA → 2a01:4f8:191:62c6::2 AAAA → 2a02:1210:90e5:ee00:6d37:a744:bd4e:40ac AAAA → 2001:268:c203:9036:4b7:c821:c04:1976 AAAA → 2001:999:780:b642:8494:e525:4b00:1a74 AAAA → 2804:7958:221:c600:d469:c18b:8bd6:edc4 AAAA → 2a01:36d:120:d004:712f:bd4c:7770:a483 AAAA → 2603:8081:2804:4253:58ee:9dbf:fde0:513b AAAA → 2800:bf0:160:2f77:465a:4222:16d2:852d AAAA → 2001:14bb:69b:7ad7:3dac:7eae:a6ad:fe80 AAAA → 2001:44c8:4180:6af9:81ce:4a7d:9c14:2035 |
AAAA → bluematt.me | AAAA → 2620:6e:a003:1:0:bad:cafe:6 |
A → bluematt.me | A → 208.68.6.54 |
AAAA → dashjr.org | AAAA → 2001:470:88ff:2e::1 |
A → dashjr.org |
A → 192.3.11.24 A → 192.3.11.20 |
AAAA → x9.seed.bitcoinstats.com |
AAAA → 2a01:e0a:252:6bd0::2 AAAA → 2a01:4f8:141:54cd::2 AAAA → 2600:1f11:b5e:2a03:a1a9:b7de:41ff:5fc AAAA → 2a05:d012:42a:5703:2a4:e8f5:f28f:b157 AAAA → 2804:d57:5537:4800:3e7c:3fff:fe7b:80aa AAAA → 2a01:4f9:c010:4969::1 AAAA → 2406:da14:335:b601:ceb7:b4fc:a855:f3a5 AAAA → 2600:1700:22f1:641f:e8:39c8:eb1d:a1eb AAAA → 2a01:4f8:190:5176::123 AAAA → 2a00:1398:4:2a03::14 AAAA → 2a03:b0c0:1:e0::77e:4001 AAAA → 2a01:4f9:2a:112d::2 |
A → bitcoinstats.com |
A → 104.21.25.120 A → 172.67.134.54 |
AAAA → bitcoinstats.com |
AAAA → 2606:4700:3033::6815:1978 AAAA → 2606:4700:3035::ac43:8636 |
The container attempts to connect to the following remote hosts:
IP address | Domain | Location | Coordinates | ASN organization |
---|---|---|---|---|
63.227.116.162 | — | Littleton, United States | 39.5892, -105.1359 | CENTURYLINK-US-LEGACY-QWEST |
23.175.0.202 | — | United States | 37.751, -97.822 | JCOLO |
18.188.71.57 | x9.dnsseed.bluematt.me | Columbus, United States | 39.9625, -83.0061 | AMAZON-02 |
95.217.46.214 | x9.dnsseed.bluematt.me | Helsinki, Finland | 60.1719, 24.9347 | Hetzner Online GmbH |
73.56.202.198 | x9.dnsseed.bluematt.me | Fort Lauderdale, United States | 26.1486, -80.2768 | COMCAST-7922 |
159.89.182.64 | — | Clifton, United States | 40.8364, -74.1403 | DIGITALOCEAN-ASN |
46.72.238.17 | — | Voronezh, Russia | 51.6451, 39.1708 | Net By Net Holding LLC |
98.109.159.216 | — | Toms River, United States | 39.9769, -74.1601 | UUNET |
161.117.239.176 | — | Singapore, Singapore | 1.2923, 103.8195 | Alibaba US Technology Co., Ltd. |
67.210.228.203 | — | Plano, United States | 33.0287, -96.6826 | GLOBAL-IP-NETWORKS |
76.69.213.152 | — | Blainville, Canada | 45.6742, -73.8754 | BACOM |
168.119.172.142 | — | Germany | 51.2993, 9.491 | Hetzner Online GmbH |
75.172.51.91 | — | Seattle, United States | 47.6901, -122.3747 | CENTURYLINK-US-LEGACY-QWEST |
34.247.49.32 | — | Dublin, Ireland | 53.3382, -6.2591 | AMAZON-02 |
192.3.11.20 | dashjr.org | Detroit, United States | 42.4248, -83.1951 | AS-COLOCROSSING |
206.189.62.14 | — | Frankfurt am Main, Germany | 50.1188, 8.6843 | DIGITALOCEAN-ASN |
65.20.68.185 | — | Mumbai, India | 19.0748, 72.8856 | AS-CHOOPA |
15.161.54.116 | — | Milan, Italy | 45.4722, 9.1922 | AMAZON-02 |
178.128.160.206 | x9.dnsseed.bluematt.me | London, United Kingdom | 51.5368, -0.6718 | DIGITALOCEAN-ASN |
195.248.240.78 | x9.dnsseed.bluematt.me | Nuremberg, Germany | 49.4527, 11.0783 | BitCommand |
188.165.224.88 | — | France | 48.8582, 2.3387 | OVH SAS |
192.3.11.24 | dashjr.org | Detroit, United States | 42.4248, -83.1951 | AS-COLOCROSSING |
136.243.15.245 | — | Germany | 51.2993, 9.491 | Hetzner Online GmbH |
46.19.139.118 | x9.dnsseed.bluematt.me | Zurich, Switzerland | 47.3682, 8.5671 | Private Layer INC |
192.241.145.8 | — | North Bergen, United States | 40.793, -74.0247 | DIGITALOCEAN-ASN |
47.198.204.108 | x9.dnsseed.bluematt.me | Tampa, United States | 28.0475, -82.6148 | FRONTIER-FRTR |
143.110.159.19 | — | Santa Clara, United States | 37.3931, -121.962 | DIGITALOCEAN-ASN |
144.217.240.89 | bitcoin.sipa.be | Beauharnois, Canada | 45.3161, -73.8736 | OVH SAS |
85.208.69.12 | x9.dnsseed.bluematt.me | France | 48.8582, 2.3387 | Three Fourteen SASU |
103.99.170.210 | — | Japan | 35.6897, 139.6895 | WIZ K.K. |
64.71.74.75 | — | West Palm Beach, United States | 26.6715, -80.0571 | CLOUD-SOUTH |
34.66.138.202 | — | Council Bluffs, United States | 41.2591, -95.8517 | GOOGLE-CLOUD-PLATFORM |
24.16.43.77 | — | Sammamish, United States | 47.626, -122.0404 | COMCAST-7922 |
135.180.218.58 | — | Berkeley, United States | 37.8767, -122.2676 | AS-SONICTELECOM |
176.9.156.51 | — | Germany | 51.2993, 9.491 | Hetzner Online GmbH |
104.54.215.47 | — | Leander, United States | 30.5875, -97.8535 | ATT-INTERNET4 |
157.175.59.43 | — | Bahrain | 26.0333, 50.55 | AMAZON-02 |
217.251.128.8 | — | Warendorf, Germany | 51.9503, 7.9855 | Deutsche Telekom AG |
200.6.250.234 | — | Guatemala City, Guatemala | 14.6343, -90.5155 | Telgua |
76.79.12.236 | — | Columbus, United States | 41.4294, -97.3681 | TWC-11427-TEXAS |
104.21.25.120 | bitcoinstats.com | San Francisco, United States | 37.7621, -122.3971 | Cloudflare, Inc. |
83.243.133.228 | x9.dnsseed.bluematt.me | Ålesund, Norway | 62.4649, 6.1287 | Telia Norge AS |
80.218.132.218 | — | Le Landeron, Switzerland | 47.0555, 7.0758 | Liberty Global B.V. |
142.112.207.147 | x9.dnsseed.bluematt.me | Toronto, Canada | 43.64, -79.433 | BACOM |
152.231.121.236 | x9.dnsseed.bluematt.me | Santiago, Chile | -33.4513, -70.6653 | ENTEL CHILE S.A. |
90.163.172.139 | — | Murcia, Spain | 37.9921, -1.1201 | Orange Espagne SA |
173.31.2.65 | x9.dnsseed.bluematt.me | Ankeny, United States | 41.7185, -93.5646 | MEDIACOM-ENTERPRISE-BUSINESS |
83.148.241.167 | — | Salo, Finland | 60.4013, 23.1072 | Lounea Palvelut Oy |
77.20.48.67 | — | Bremerhaven, Germany | 53.5026, 8.5977 | Vodafone GmbH |
95.105.186.195 | — | Bratislava, Slovakia | 48.1833, 17.0379 | Orange Slovensko a.s. |
34.125.46.3 | — | Las Vegas, United States | 36.1685, -115.1164 | GOOGLE-CLOUD-PLATFORM |
149.167.99.190 | — | Brisbane, Australia | -27.4679, 153.0325 | Belong Telstra Corporation |
5.45.83.20 | — | Moscow, Russia | 55.7483, 37.6171 | RECONN LLC |
15.228.89.32 | — | São Paulo, Brazil | -23.5335, -46.6359 | AMAZON-02 |
52.173.135.208 | — | Des Moines, United States | 41.6021, -93.6124 | MICROSOFT-CORP-MSN-AS-BLOCK |
213.142.166.32 | — | Brügg, Switzerland | 47.1213, 7.2803 | Evard Antennenbau AG |
88.212.44.33 | — | Humenné, Slovakia | 48.9372, 21.9201 | ANTIK Telecom s.r.o |
34.249.21.210 | — | Dublin, Ireland | 53.3382, -6.2591 | AMAZON-02 |
206.123.112.180 | — | United States | 37.751, -97.822 | AS-TIERP-30496 |
69.138.254.191 | — | Baltimore, United States | 39.3645, -76.6069 | COMCAST-7922 |
23.233.107.21 | — | Montreal, Canada | 45.5422, -73.5445 | TEKSAVVY |
73.111.229.10 | — | Vernon Hills, United States | 42.2284, -87.9722 | COMCAST-7922 |
148.251.121.185 | — | Braunlage, Germany | 51.7262, 10.6142 | Hetzner Online GmbH |
34.64.144.84 | — | Seoul, South Korea | 37.5794, 126.9754 | Google Asia Pacific Pte. Ltd. |
47.243.121.223 | — | Central, Hong Kong | 22.2908, 114.1501 | Alibaba US Technology Co., Ltd. |
172.67.134.54 | bitcoinstats.com | United States | 37.751, -97.822 | CLOUDFLARENET |
5.81.226.135 | x9.dnsseed.bluematt.me | Burscough, United Kingdom | 53.6081, -2.822 | British Telecommunications PLC |
5.196.69.107 | — | France | 48.8582, 2.3387 | OVH SAS |
64.156.192.61 | — | United States | 37.751, -97.822 | M5HOSTING |
185.25.48.114 | — | Lithuania | 55.4167, 24.0 | Informacines sistemos ir technologijos, UAB |
54.39.156.171 | — | Québec, Canada | 46.8038, -71.2461 | OVH SAS |
95.211.189.3 | — | Netherlands | 52.3824, 4.8995 | LeaseWeb Netherlands B.V. |
84.201.143.124 | — | Russia | 55.7386, 37.6068 | Yandex.Cloud LLC |
2.230.9.7 | x9.dnsseed.bluematt.me | Milan, Italy | 45.4722, 9.1922 | Fastweb |
81.173.139.14 | x9.dnsseed.bluematt.me | Cologne, Germany | 50.9301, 6.9544 | NetCologne Gesellschaft fur Telekommunikation mbH |
31.191.186.39 | — | Italy | 43.1479, 12.1097 | Wind Tre S.p.A. |
139.177.184.116 | — | Singapore, Singapore | 1.3036, 103.8554 | Linode, LLC |
96.35.53.251 | x9.dnsseed.bluematt.me | Fenton, United States | 38.4998, -90.465 | CHARTER-20115 |
208.68.6.54 | bluematt.me | United States | 37.751, -97.822 | AS-OKI |
182.52.17.36 | x9.dnsseed.bluematt.me | Thon Buri, Thailand | 13.7088, 100.4842 | TOT Public Company Limited |
5.9.104.23 | — | Germany | 51.2993, 9.491 | Hetzner Online GmbH |
34.82.210.229 | — | The Dalles, United States | 45.5999, -121.1871 | GOOGLE-CLOUD-PLATFORM |
71.163.157.47 | — | Chantilly, United States | 38.8976, -77.5109 | UUNET |
74.213.251.168 | — | Los Angeles, United States | 34.0322, -118.2836 | CSSBB |
45.129.180.214 | — | Germany | 51.2993, 9.491 | netcup GmbH |
5.9.158.123 | — | Bad Sackingen, Germany | 47.5534, 7.9519 | Hetzner Online GmbH |
15.207.19.192 | — | Mumbai, India | 19.0748, 72.8856 | AMAZON-02 |
115.68.52.240 | — | South Korea | 37.5112, 126.9741 | SMILESERV |
186.145.57.66 | — | Bogotá, Colombia | 4.6496, -74.0632 | Telmex Colombia S.A. |
157.131.198.112 | x9.dnsseed.bluematt.me | San Francisco, United States | 37.7506, -122.4121 | AS-SONICTELECOM |
175.43.241.166 | x9.dnsseed.bluematt.me | Zhangzhou, China | 24.5027, 117.6495 | CHINA UNICOM China169 Backbone |
54.238.129.38 | — | Tokyo, Japan | 35.6893, 139.6899 | AMAZON-02 |
185.215.226.67 | — | Edison, United States | 40.5237, -74.4151 | LEASEWEB-USA-NYC |
45.136.50.199 | — | Amsterdam, Netherlands | 52.3759, 4.8975 | Scalaxy B.V. |
172.113.6.46 | — | San Bernardino, United States | 34.2166, -117.3908 | TWC-20001-PACWEST |
212.5.22.123 | x9.dnsseed.bluematt.me | Geseke, Germany | 51.6393, 8.5106 | Plusnet GmbH |
67.162.69.225 | — | Homer Glen, United States | 41.6017, -87.9557 | COMCAST-7922 |
13.244.60.210 | — | Cape Town, South Africa | -34.0486, 18.4811 | AMAZON-02 |
81.251.223.139 | x9.dnsseed.bluematt.me | Mornant, France | 45.6199, 4.6756 | Orange |
The container starts a service that renders the following contents over port 8332:
The container produces the following text output: