| CRITICAL |
CVE-2021-33574 |
glibc: mq_notify does not handle separately allocated thread attributes |
libc-bin |
2.28-10+deb10u1 |
|
| CRITICAL |
CVE-2021-35942 |
glibc: Arbitrary read in wordexp() |
libc-bin |
2.28-10+deb10u1 |
|
| CRITICAL |
CVE-2022-23218 |
glibc: Stack-based buffer overflow in svcunix_create via long pathnames |
libc-bin |
2.28-10+deb10u1 |
|
| CRITICAL |
CVE-2022-23219 |
glibc: Stack-based buffer overflow in sunrpc clnt_create via a long pathname |
libc-bin |
2.28-10+deb10u1 |
|
| CRITICAL |
CVE-2021-33574 |
glibc: mq_notify does not handle separately allocated thread attributes |
libc6 |
2.28-10+deb10u1 |
|
| CRITICAL |
CVE-2021-35942 |
glibc: Arbitrary read in wordexp() |
libc6 |
2.28-10+deb10u1 |
|
| CRITICAL |
CVE-2022-23218 |
glibc: Stack-based buffer overflow in svcunix_create via long pathnames |
libc6 |
2.28-10+deb10u1 |
|
| CRITICAL |
CVE-2022-23219 |
glibc: Stack-based buffer overflow in sunrpc clnt_create via a long pathname |
libc6 |
2.28-10+deb10u1 |
|
| CRITICAL |
CVE-2019-8457 |
sqlite: heap out-of-bound read in function rtreenode() |
libdb5.3 |
5.3.28+dfsg1-0.5 |
|
| HIGH |
CVE-2022-1304 |
e2fsprogs: out-of-bounds read/write via crafted filesystem |
e2fsprogs |
1.44.5-1+deb10u3 |
|
| HIGH |
CVE-2018-12886 |
gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow prot |
gcc-8-base |
8.3.0-6 |
|
| HIGH |
CVE-2019-15847 |
gcc: POWER9 "DARN" RNG intrinsic produces repeated output |
gcc-8-base |
8.3.0-6 |
|
| HIGH |
CVE-2020-1751 |
glibc: array overflow in backtrace functions for powerpc |
libc-bin |
2.28-10+deb10u1 |
|
| HIGH |
CVE-2020-1752 |
glibc: use-after-free in glob() function when expanding ~user |
libc-bin |
2.28-10+deb10u1 |
|
| HIGH |
CVE-2021-3326 |
glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters |
libc-bin |
2.28-10+deb10u1 |
|
| HIGH |
CVE-2021-3999 |
glibc: Off-by-one buffer overflow/underflow in getcwd() |
libc-bin |
2.28-10+deb10u1 |
|
| HIGH |
CVE-2020-1751 |
glibc: array overflow in backtrace functions for powerpc |
libc6 |
2.28-10+deb10u1 |
|
| HIGH |
CVE-2020-1752 |
glibc: use-after-free in glob() function when expanding ~user |
libc6 |
2.28-10+deb10u1 |
|
| HIGH |
CVE-2021-3326 |
glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters |
libc6 |
2.28-10+deb10u1 |
|
| HIGH |
CVE-2021-3999 |
glibc: Off-by-one buffer overflow/underflow in getcwd() |
libc6 |
2.28-10+deb10u1 |
|
| HIGH |
CVE-2022-1304 |
e2fsprogs: out-of-bounds read/write via crafted filesystem |
libcom-err2 |
1.44.5-1+deb10u3 |
|
| HIGH |
CVE-2022-1304 |
e2fsprogs: out-of-bounds read/write via crafted filesystem |
libext2fs2 |
1.44.5-1+deb10u3 |
|
| HIGH |
CVE-2018-12886 |
gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow prot |
libgcc1 |
8.3.0-6 |
|
| HIGH |
CVE-2019-15847 |
gcc: POWER9 "DARN" RNG intrinsic produces repeated output |
libgcc1 |
8.3.0-6 |
|
| HIGH |
CVE-2021-33560 |
libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channe |
libgcrypt20 |
1.8.4-5+deb10u1 |
|
| HIGH |
CVE-2019-12290 |
GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specifi ... |
libidn2-0 |
2.0.5-1+deb10u1 |
|
| HIGH |
CVE-2022-29458 |
ncurses: segfaulting OOB read |
libncurses6 |
6.1+20181013-2+deb10u2 |
|
| HIGH |
CVE-2022-29458 |
ncurses: segfaulting OOB read |
libncursesw6 |
6.1+20181013-2+deb10u2 |
|
| HIGH |
CVE-2020-16156 |
perl-CPAN: Bypass of verification of signatures in CHECKSUMS files |
libperl5.28 |
5.28.1-6+deb10u1 |
|
| HIGH |
CVE-2019-19603 |
sqlite: mishandling of certain SELECT statements with non-existent VIEW can lead to DoS |
libsqlite3-0 |
3.27.2-3+deb10u1 |
|
| HIGH |
CVE-2022-1304 |
e2fsprogs: out-of-bounds read/write via crafted filesystem |
libss2 |
1.44.5-1+deb10u3 |
|
| HIGH |
CVE-2018-12886 |
gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow prot |
libstdc++6 |
8.3.0-6 |
|
| HIGH |
CVE-2019-15847 |
gcc: POWER9 "DARN" RNG intrinsic produces repeated output |
libstdc++6 |
8.3.0-6 |
|
| HIGH |
CVE-2019-3843 |
systemd: services with DynamicUser can create SUID/SGID binaries |
libsystemd0 |
241-7~deb10u8 |
|
| HIGH |
CVE-2019-3844 |
systemd: services with DynamicUser can get new privileges and create SGID binaries |
libsystemd0 |
241-7~deb10u8 |
|
| HIGH |
CVE-2022-29458 |
ncurses: segfaulting OOB read |
libtinfo6 |
6.1+20181013-2+deb10u2 |
|
| HIGH |
CVE-2019-3843 |
systemd: services with DynamicUser can create SUID/SGID binaries |
libudev1 |
241-7~deb10u8 |
|
| HIGH |
CVE-2019-3844 |
systemd: services with DynamicUser can get new privileges and create SGID binaries |
libudev1 |
241-7~deb10u8 |
|
| HIGH |
CVE-2022-29458 |
ncurses: segfaulting OOB read |
ncurses-base |
6.1+20181013-2+deb10u2 |
|
| HIGH |
CVE-2022-29458 |
ncurses: segfaulting OOB read |
ncurses-bin |
6.1+20181013-2+deb10u2 |
|
| HIGH |
CVE-2020-16156 |
perl-CPAN: Bypass of verification of signatures in CHECKSUMS files |
perl |
5.28.1-6+deb10u1 |
|
| HIGH |
CVE-2020-16156 |
perl-CPAN: Bypass of verification of signatures in CHECKSUMS files |
perl-base |
5.28.1-6+deb10u1 |
|
| HIGH |
CVE-2020-16156 |
perl-CPAN: Bypass of verification of signatures in CHECKSUMS files |
perl-modules-5.28 |
5.28.1-6+deb10u1 |
|
| HIGH |
CVE-2022-29162 |
runc: incorrect handling of inheritable capabilities |
github.com/opencontainers/runc |
v1.0.1 |
v1.1.2 |
| MEDIUM |
CVE-2019-25013 |
glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR en |
libc-bin |
2.28-10+deb10u1 |
|
| MEDIUM |
CVE-2020-10029 |
glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions |
libc-bin |
2.28-10+deb10u1 |
|
| MEDIUM |
CVE-2020-27618 |
glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, wh |
libc-bin |
2.28-10+deb10u1 |
|
| MEDIUM |
CVE-2019-25013 |
glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR en |
libc6 |
2.28-10+deb10u1 |
|
| MEDIUM |
CVE-2020-10029 |
glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions |
libc6 |
2.28-10+deb10u1 |
|
| MEDIUM |
CVE-2020-27618 |
glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, wh |
libc6 |
2.28-10+deb10u1 |
|
| MEDIUM |
CVE-2019-13627 |
libgcrypt: ECDSA timing attack allowing private key leak |
libgcrypt20 |
1.8.4-5+deb10u1 |
|
| MEDIUM |
CVE-2021-4209 |
GnuTLS: Null pointer dereference in MD_UPDATE |
libgnutls30 |
3.6.7-4+deb10u7 |
|
| MEDIUM |
CVE-2020-14155 |
pcre: Integer overflow when parsing callout numeric arguments |
libpcre3 |
2:8.39-12 |
|
| MEDIUM |
CVE-2019-19645 |
sqlite: infinite recursion via certain types of self-referential views in conjunction with ALTER TAB |
libsqlite3-0 |
3.27.2-3+deb10u1 |
|
| MEDIUM |
CVE-2019-19924 |
sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rew |
libsqlite3-0 |
3.27.2-3+deb10u1 |
|
| MEDIUM |
CVE-2020-13631 |
sqlite: Virtual table can be renamed into the name of one of its shadow tables |
libsqlite3-0 |
3.27.2-3+deb10u1 |
|
| MEDIUM |
CVE-2021-45346 |
sqlite: crafted SQL query allows a malicious user to obtain sensitive information |
libsqlite3-0 |
3.27.2-3+deb10u1 |
|
| MEDIUM |
CVE-2022-2068 |
openssl: the c_rehash script allows command injection |
libssl1.1 |
1.1.1n-0+deb10u2 |
|
| MEDIUM |
CVE-2021-3997 |
systemd: Uncontrolled recursion in systemd-tmpfiles when removing files |
libsystemd0 |
241-7~deb10u8 |
|
| MEDIUM |
CVE-2021-3997 |
systemd: Uncontrolled recursion in systemd-tmpfiles when removing files |
libudev1 |
241-7~deb10u8 |
|
| MEDIUM |
CVE-2022-2068 |
openssl: the c_rehash script allows command injection |
openssl |
1.1.1n-0+deb10u2 |
|
| MEDIUM |
CVE-2021-43784 |
runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based con |
github.com/opencontainers/runc |
v1.0.1 |
v1.0.3 |
| MEDIUM |
CVE-2022-24769 |
moby: Default inheritable capabilities for linux container should be empty |
github.com/opencontainers/runc |
v1.0.1 |
v1.1.2 |
| LOW |
CVE-2011-3374 |
It was found that apt-key in apt, all versions, do not correctly valid ... |
apt |
1.8.2.3 |
|
| LOW |
CVE-2019-18276 |
bash: when effective UID is not equal to its real UID the saved UID is not dropped |
bash |
5.0-4 |
|
| LOW |
CVE-2021-37600 |
util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils |
bsdutils |
2.33.1-0.1 |
|
| LOW |
CVE-2022-0563 |
util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline |
bsdutils |
2.33.1-0.1 |
|
| LOW |
CVE-2016-2781 |
coreutils: Non-privileged session can escape to the parent session in chroot |
coreutils |
8.30-3 |
|
| LOW |
CVE-2017-18018 |
coreutils: race condition vulnerability in chown and chgrp |
coreutils |
8.30-3 |
|
| LOW |
CVE-2019-14855 |
gnupg2: OpenPGP Key Certification Forgeries with SHA-1 |
dirmngr |
2.2.12-1+deb10u1 |
|
| LOW |
CVE-2021-37600 |
util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils |
fdisk |
2.33.1-0.1 |
|
| LOW |
CVE-2022-0563 |
util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline |
fdisk |
2.33.1-0.1 |
|
| LOW |
CVE-2019-14855 |
gnupg2: OpenPGP Key Certification Forgeries with SHA-1 |
gnupg |
2.2.12-1+deb10u1 |
|
| LOW |
CVE-2019-14855 |
gnupg2: OpenPGP Key Certification Forgeries with SHA-1 |
gnupg-l10n |
2.2.12-1+deb10u1 |
|
| LOW |
CVE-2019-14855 |
gnupg2: OpenPGP Key Certification Forgeries with SHA-1 |
gnupg-utils |
2.2.12-1+deb10u1 |
|
| LOW |
CVE-2019-14855 |
gnupg2: OpenPGP Key Certification Forgeries with SHA-1 |
gpg |
2.2.12-1+deb10u1 |
|
| LOW |
CVE-2019-14855 |
gnupg2: OpenPGP Key Certification Forgeries with SHA-1 |
gpg-agent |
2.2.12-1+deb10u1 |
|
| LOW |
CVE-2019-14855 |
gnupg2: OpenPGP Key Certification Forgeries with SHA-1 |
gpg-wks-client |
2.2.12-1+deb10u1 |
|
| LOW |
CVE-2019-14855 |
gnupg2: OpenPGP Key Certification Forgeries with SHA-1 |
gpg-wks-server |
2.2.12-1+deb10u1 |
|
| LOW |
CVE-2019-14855 |
gnupg2: OpenPGP Key Certification Forgeries with SHA-1 |
gpgconf |
2.2.12-1+deb10u1 |
|
| LOW |
CVE-2019-14855 |
gnupg2: OpenPGP Key Certification Forgeries with SHA-1 |
gpgsm |
2.2.12-1+deb10u1 |
|
| LOW |
CVE-2019-14855 |
gnupg2: OpenPGP Key Certification Forgeries with SHA-1 |
gpgv |
2.2.12-1+deb10u1 |
|
| LOW |
CVE-2004-0971 |
security flaw |
krb5-locales |
1.17-3+deb10u3 |
|
| LOW |
CVE-2018-5709 |
krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c |
krb5-locales |
1.17-3+deb10u3 |
|
| LOW |
CVE-2011-3374 |
It was found that apt-key in apt, all versions, do not correctly valid ... |
libapt-pkg5.0 |
1.8.2.3 |
|
| LOW |
CVE-2021-37600 |
util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils |
libblkid1 |
2.33.1-0.1 |
|
| LOW |
CVE-2022-0563 |
util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline |
libblkid1 |
2.33.1-0.1 |
|
| LOW |
CVE-2010-4756 |
glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expres |
libc-bin |
2.28-10+deb10u1 |
|
| LOW |
CVE-2016-10228 |
glibc: iconv program can hang when invoked with the -c option |
libc-bin |
2.28-10+deb10u1 |
|
| LOW |
CVE-2018-20796 |
glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c |
libc-bin |
2.28-10+deb10u1 |
|
| LOW |
CVE-2019-1010022 |
glibc: stack guard protection bypass |
libc-bin |
2.28-10+deb10u1 |
|
| LOW |
CVE-2019-1010023 |
glibc: running ldd on malicious ELF leads to code execution because of wrong size computation |
libc-bin |
2.28-10+deb10u1 |
|
| LOW |
CVE-2019-1010024 |
glibc: ASLR bypass using cache of thread stack and heap |
libc-bin |
2.28-10+deb10u1 |
|
| LOW |
CVE-2019-1010025 |
glibc: information disclosure of heap addresses of pthread_created thread |
libc-bin |
2.28-10+deb10u1 |
|
| LOW |
CVE-2019-19126 |
glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries |
libc-bin |
2.28-10+deb10u1 |
|
| LOW |
CVE-2019-9192 |
glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c |
libc-bin |
2.28-10+deb10u1 |
|
| LOW |
CVE-2020-6096 |
glibc: signed comparison vulnerability in the ARMv7 memcpy function |
libc-bin |
2.28-10+deb10u1 |
|
| LOW |
CVE-2021-27645 |
glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c |
libc-bin |
2.28-10+deb10u1 |
|
| LOW |
CVE-2010-4756 |
glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expres |
libc6 |
2.28-10+deb10u1 |
|
| LOW |
CVE-2016-10228 |
glibc: iconv program can hang when invoked with the -c option |
libc6 |
2.28-10+deb10u1 |
|
| LOW |
CVE-2018-20796 |
glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c |
libc6 |
2.28-10+deb10u1 |
|
| LOW |
CVE-2019-1010022 |
glibc: stack guard protection bypass |
libc6 |
2.28-10+deb10u1 |
|
| LOW |
CVE-2019-1010023 |
glibc: running ldd on malicious ELF leads to code execution because of wrong size computation |
libc6 |
2.28-10+deb10u1 |
|
| LOW |
CVE-2019-1010024 |
glibc: ASLR bypass using cache of thread stack and heap |
libc6 |
2.28-10+deb10u1 |
|
| LOW |
CVE-2019-1010025 |
glibc: information disclosure of heap addresses of pthread_created thread |
libc6 |
2.28-10+deb10u1 |
|
| LOW |
CVE-2019-19126 |
glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries |
libc6 |
2.28-10+deb10u1 |
|
| LOW |
CVE-2019-9192 |
glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c |
libc6 |
2.28-10+deb10u1 |
|
| LOW |
CVE-2020-6096 |
glibc: signed comparison vulnerability in the ARMv7 memcpy function |
libc6 |
2.28-10+deb10u1 |
|
| LOW |
CVE-2021-27645 |
glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c |
libc6 |
2.28-10+deb10u1 |
|
| LOW |
CVE-2021-37600 |
util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils |
libfdisk1 |
2.33.1-0.1 |
|
| LOW |
CVE-2022-0563 |
util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline |
libfdisk1 |
2.33.1-0.1 |
|
| LOW |
CVE-2018-6829 |
libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintex |
libgcrypt20 |
1.8.4-5+deb10u1 |
|
| LOW |
CVE-2011-3389 |
HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) |
libgnutls30 |
3.6.7-4+deb10u7 |
|
| LOW |
CVE-2004-0971 |
security flaw |
libgssapi-krb5-2 |
1.17-3+deb10u3 |
|
| LOW |
CVE-2018-5709 |
krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c |
libgssapi-krb5-2 |
1.17-3+deb10u3 |
|
| LOW |
CVE-2004-0971 |
security flaw |
libk5crypto3 |
1.17-3+deb10u3 |
|
| LOW |
CVE-2018-5709 |
krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c |
libk5crypto3 |
1.17-3+deb10u3 |
|
| LOW |
CVE-2004-0971 |
security flaw |
libkrb5-3 |
1.17-3+deb10u3 |
|
| LOW |
CVE-2018-5709 |
krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c |
libkrb5-3 |
1.17-3+deb10u3 |
|
| LOW |
CVE-2004-0971 |
security flaw |
libkrb5support0 |
1.17-3+deb10u3 |
|
| LOW |
CVE-2018-5709 |
krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c |
libkrb5support0 |
1.17-3+deb10u3 |
|
| LOW |
CVE-2015-3276 |
openldap: incorrect multi-keyword mode cipherstring parsing |
libldap-2.4-2 |
2.4.47+dfsg-3+deb10u7 |
|
| LOW |
CVE-2017-14159 |
openldap: Privilege escalation via PID file manipulation |
libldap-2.4-2 |
2.4.47+dfsg-3+deb10u7 |
|
| LOW |
CVE-2017-17740 |
openldap: contrib/slapd-modules/nops/nops.c attempts to free stack buffer allowing remote attackers |
libldap-2.4-2 |
2.4.47+dfsg-3+deb10u7 |
|
| LOW |
CVE-2020-15719 |
openldap: Certificate validation incorrectly matches name against CN-ID |
libldap-2.4-2 |
2.4.47+dfsg-3+deb10u7 |
|
| LOW |
CVE-2015-3276 |
openldap: incorrect multi-keyword mode cipherstring parsing |
libldap-common |
2.4.47+dfsg-3+deb10u7 |
|
| LOW |
CVE-2017-14159 |
openldap: Privilege escalation via PID file manipulation |
libldap-common |
2.4.47+dfsg-3+deb10u7 |
|
| LOW |
CVE-2017-17740 |
openldap: contrib/slapd-modules/nops/nops.c attempts to free stack buffer allowing remote attackers |
libldap-common |
2.4.47+dfsg-3+deb10u7 |
|
| LOW |
CVE-2020-15719 |
openldap: Certificate validation incorrectly matches name against CN-ID |
libldap-common |
2.4.47+dfsg-3+deb10u7 |
|
| LOW |
CVE-2019-17543 |
lz4: heap-based buffer overflow in LZ4_write32 |
liblz4-1 |
1.8.3-1+deb10u1 |
|
| LOW |
CVE-2021-37600 |
util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils |
libmount1 |
2.33.1-0.1 |
|
| LOW |
CVE-2022-0563 |
util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline |
libmount1 |
2.33.1-0.1 |
|
| LOW |
CVE-2021-39537 |
ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c |
libncurses6 |
6.1+20181013-2+deb10u2 |
|
| LOW |
CVE-2021-39537 |
ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c |
libncursesw6 |
6.1+20181013-2+deb10u2 |
|
| LOW |
CVE-2017-11164 |
pcre: OP_KETRMAX feature in the match function in pcre_exec.c |
libpcre3 |
2:8.39-12 |
|
| LOW |
CVE-2017-16231 |
pcre: self-recursive call in match() in pcre_exec.c leads to denial of service |
libpcre3 |
2:8.39-12 |
|
| LOW |
CVE-2017-7245 |
pcre: stack-based buffer overflow write in pcre32_copy_substring |
libpcre3 |
2:8.39-12 |
|
| LOW |
CVE-2017-7246 |
pcre: stack-based buffer overflow write in pcre32_copy_substring |
libpcre3 |
2:8.39-12 |
|
| LOW |
CVE-2019-20838 |
pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 |
libpcre3 |
2:8.39-12 |
|
| LOW |
CVE-2011-4116 |
perl: File::Temp insecure temporary file handling |
libperl5.28 |
5.28.1-6+deb10u1 |
|
| LOW |
CVE-2019-9893 |
libseccomp: incorrect generation of syscall filters in libseccomp |
libseccomp2 |
2.3.3-4 |
|
| LOW |
CVE-2021-36084 |
libsepol: use-after-free in __cil_verify_classperms() |
libsepol1 |
2.8-1 |
|
| LOW |
CVE-2021-36085 |
libsepol: use-after-free in __cil_verify_classperms() |
libsepol1 |
2.8-1 |
|
| LOW |
CVE-2021-36086 |
libsepol: use-after-free in cil_reset_classpermission() |
libsepol1 |
2.8-1 |
|
| LOW |
CVE-2021-36087 |
libsepol: heap-based buffer overflow in ebitmap_match_any() |
libsepol1 |
2.8-1 |
|
| LOW |
CVE-2021-37600 |
util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils |
libsmartcols1 |
2.33.1-0.1 |
|
| LOW |
CVE-2022-0563 |
util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline |
libsmartcols1 |
2.33.1-0.1 |
|
| LOW |
CVE-2019-19244 |
sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain |
libsqlite3-0 |
3.27.2-3+deb10u1 |
|
| LOW |
CVE-2020-11656 |
sqlite: use-after-free in the ALTER TABLE implementation |
libsqlite3-0 |
3.27.2-3+deb10u1 |
|
| LOW |
CVE-2021-36690 |
** DISPUTED ** A segmentation fault can occur in the sqlite3.exe comma ... |
libsqlite3-0 |
3.27.2-3+deb10u1 |
|
| LOW |
CVE-2007-6755 |
Dual_EC_DRBG: weak pseudo random number generator |
libssl1.1 |
1.1.1n-0+deb10u2 |
|
| LOW |
CVE-2010-0928 |
openssl: RSA authentication weakness |
libssl1.1 |
1.1.1n-0+deb10u2 |
|
| LOW |
CVE-2013-4392 |
systemd: TOCTOU race condition when updating file permissions and SELinux security contexts |
libsystemd0 |
241-7~deb10u8 |
|
| LOW |
CVE-2019-20386 |
systemd: memory leak in button_open() in login/logind-button.c when udev events are received |
libsystemd0 |
241-7~deb10u8 |
|
| LOW |
CVE-2020-13529 |
systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client t |
libsystemd0 |
241-7~deb10u8 |
|
| LOW |
CVE-2020-13776 |
systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal |
libsystemd0 |
241-7~deb10u8 |
|
| LOW |
CVE-2018-1000654 |
libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion |
libtasn1-6 |
4.13-3 |
|
| LOW |
CVE-2021-39537 |
ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c |
libtinfo6 |
6.1+20181013-2+deb10u2 |
|
| LOW |
CVE-2013-4392 |
systemd: TOCTOU race condition when updating file permissions and SELinux security contexts |
libudev1 |
241-7~deb10u8 |
|
| LOW |
CVE-2019-20386 |
systemd: memory leak in button_open() in login/logind-button.c when udev events are received |
libudev1 |
241-7~deb10u8 |
|
| LOW |
CVE-2020-13529 |
systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client t |
libudev1 |
241-7~deb10u8 |
|
| LOW |
CVE-2020-13776 |
systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal |
libudev1 |
241-7~deb10u8 |
|
| LOW |
CVE-2021-37600 |
util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils |
libuuid1 |
2.33.1-0.1 |
|
| LOW |
CVE-2022-0563 |
util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline |
libuuid1 |
2.33.1-0.1 |
|
| LOW |
CVE-2007-5686 |
initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ... |
login |
1:4.5-1.1 |
|
| LOW |
CVE-2013-4235 |
shadow-utils: TOCTOU race conditions by copying and removing directory trees |
login |
1:4.5-1.1 |
|
| LOW |
CVE-2018-7169 |
shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing p |
login |
1:4.5-1.1 |
|
| LOW |
CVE-2019-19882 |
shadow-utils: local users can obtain root access because setuid programs are misconfigured |
login |
1:4.5-1.1 |
|
| LOW |
CVE-2021-37600 |
util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils |
mount |
2.33.1-0.1 |
|
| LOW |
CVE-2022-0563 |
util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline |
mount |
2.33.1-0.1 |
|
| LOW |
CVE-2021-39537 |
ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c |
ncurses-base |
6.1+20181013-2+deb10u2 |
|
| LOW |
CVE-2021-39537 |
ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c |
ncurses-bin |
6.1+20181013-2+deb10u2 |
|
| LOW |
CVE-2007-6755 |
Dual_EC_DRBG: weak pseudo random number generator |
openssl |
1.1.1n-0+deb10u2 |
|
| LOW |
CVE-2010-0928 |
openssl: RSA authentication weakness |
openssl |
1.1.1n-0+deb10u2 |
|
| LOW |
CVE-2007-5686 |
initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ... |
passwd |
1:4.5-1.1 |
|
| LOW |
CVE-2013-4235 |
shadow-utils: TOCTOU race conditions by copying and removing directory trees |
passwd |
1:4.5-1.1 |
|
| LOW |
CVE-2018-7169 |
shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing p |
passwd |
1:4.5-1.1 |
|
| LOW |
CVE-2019-19882 |
shadow-utils: local users can obtain root access because setuid programs are misconfigured |
passwd |
1:4.5-1.1 |
|
| LOW |
CVE-2011-4116 |
perl: File::Temp insecure temporary file handling |
perl |
5.28.1-6+deb10u1 |
|
| LOW |
CVE-2011-4116 |
perl: File::Temp insecure temporary file handling |
perl-base |
5.28.1-6+deb10u1 |
|
| LOW |
CVE-2011-4116 |
perl: File::Temp insecure temporary file handling |
perl-modules-5.28 |
5.28.1-6+deb10u1 |
|
| LOW |
CVE-2005-2541 |
tar: does not properly warn the user when extracting setuid or setgid files |
tar |
1.30+dfsg-6 |
|
| LOW |
CVE-2019-9923 |
tar: null-pointer dereference in pax_decode_header in sparse.c |
tar |
1.30+dfsg-6 |
|
| LOW |
CVE-2021-20193 |
tar: Memory leak in read_header() in list.c |
tar |
1.30+dfsg-6 |
|
| LOW |
CVE-2021-37600 |
util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils |
util-linux |
2.33.1-0.1 |
|
| LOW |
CVE-2022-0563 |
util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline |
util-linux |
2.33.1-0.1 |
|