dockerhub.hi.inet evolved 5g fogusnetapp evolved5g_pilot_db - Telefonica/Evolved5g-FogusNetApp Wiki

Scan of image: dockerhub.hi.inet/evolved-5g/fogusnetapp-evolved5g_pilot_db


Summary

Severity    Number of vulnerabilities
CRITICAL    9
HIGH        35
MEDIUM      19
LOW         123

Vulnerabilities

Severity ID Title PkgName InstalledVersion FixedVersion
CRITICAL CVE-2021-33574 glibc: mq_notify does not handle separately allocated thread attributes libc-bin 2.28-10+deb10u1
CRITICAL CVE-2021-35942 glibc: Arbitrary read in wordexp() libc-bin 2.28-10+deb10u1
CRITICAL CVE-2022-23218 glibc: Stack-based buffer overflow in svcunix_create via long pathnames libc-bin 2.28-10+deb10u1
CRITICAL CVE-2022-23219 glibc: Stack-based buffer overflow in sunrpc clnt_create via a long pathname libc-bin 2.28-10+deb10u1
CRITICAL CVE-2021-33574 glibc: mq_notify does not handle separately allocated thread attributes libc6 2.28-10+deb10u1
CRITICAL CVE-2021-35942 glibc: Arbitrary read in wordexp() libc6 2.28-10+deb10u1
CRITICAL CVE-2022-23218 glibc: Stack-based buffer overflow in svcunix_create via long pathnames libc6 2.28-10+deb10u1
CRITICAL CVE-2022-23219 glibc: Stack-based buffer overflow in sunrpc clnt_create via a long pathname libc6 2.28-10+deb10u1
CRITICAL CVE-2019-8457 sqlite: heap out-of-bound read in function rtreenode() libdb5.3 5.3.28+dfsg1-0.5
HIGH CVE-2022-1304 e2fsprogs: out-of-bounds read/write via crafted filesystem e2fsprogs 1.44.5-1+deb10u3
HIGH CVE-2018-12886 gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow prot gcc-8-base 8.3.0-6
HIGH CVE-2019-15847 gcc: POWER9 "DARN" RNG intrinsic produces repeated output gcc-8-base 8.3.0-6
HIGH CVE-2020-1751 glibc: array overflow in backtrace functions for powerpc libc-bin 2.28-10+deb10u1
HIGH CVE-2020-1752 glibc: use-after-free in glob() function when expanding ~user libc-bin 2.28-10+deb10u1
HIGH CVE-2021-3326 glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters libc-bin 2.28-10+deb10u1
HIGH CVE-2021-3999 glibc: Off-by-one buffer overflow/underflow in getcwd() libc-bin 2.28-10+deb10u1
HIGH CVE-2020-1751 glibc: array overflow in backtrace functions for powerpc libc6 2.28-10+deb10u1
HIGH CVE-2020-1752 glibc: use-after-free in glob() function when expanding ~user libc6 2.28-10+deb10u1
HIGH CVE-2021-3326 glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters libc6 2.28-10+deb10u1
HIGH CVE-2021-3999 glibc: Off-by-one buffer overflow/underflow in getcwd() libc6 2.28-10+deb10u1
HIGH CVE-2022-1304 e2fsprogs: out-of-bounds read/write via crafted filesystem libcom-err2 1.44.5-1+deb10u3
HIGH CVE-2022-1304 e2fsprogs: out-of-bounds read/write via crafted filesystem libext2fs2 1.44.5-1+deb10u3
HIGH CVE-2018-12886 gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow prot libgcc1 8.3.0-6
HIGH CVE-2019-15847 gcc: POWER9 "DARN" RNG intrinsic produces repeated output libgcc1 8.3.0-6
HIGH CVE-2021-33560 libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channe libgcrypt20 1.8.4-5+deb10u1
HIGH CVE-2019-12290 GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specifi ... libidn2-0 2.0.5-1+deb10u1
HIGH CVE-2022-29458 ncurses: segfaulting OOB read libncurses6 6.1+20181013-2+deb10u2
HIGH CVE-2022-29458 ncurses: segfaulting OOB read libncursesw6 6.1+20181013-2+deb10u2
HIGH CVE-2020-16156 perl-CPAN: Bypass of verification of signatures in CHECKSUMS files libperl5.28 5.28.1-6+deb10u1
HIGH CVE-2019-19603 sqlite: mishandling of certain SELECT statements with non-existent VIEW can lead to DoS libsqlite3-0 3.27.2-3+deb10u1
HIGH CVE-2022-1304 e2fsprogs: out-of-bounds read/write via crafted filesystem libss2 1.44.5-1+deb10u3
HIGH CVE-2018-12886 gcc: spilling of stack protection address in cfgexpand.c and function.c leads to stack-overflow prot libstdc++6 8.3.0-6
HIGH CVE-2019-15847 gcc: POWER9 "DARN" RNG intrinsic produces repeated output libstdc++6 8.3.0-6
HIGH CVE-2019-3843 systemd: services with DynamicUser can create SUID/SGID binaries libsystemd0 241-7~deb10u8
HIGH CVE-2019-3844 systemd: services with DynamicUser can get new privileges and create SGID binaries libsystemd0 241-7~deb10u8
HIGH CVE-2022-29458 ncurses: segfaulting OOB read libtinfo6 6.1+20181013-2+deb10u2
HIGH CVE-2019-3843 systemd: services with DynamicUser can create SUID/SGID binaries libudev1 241-7~deb10u8
HIGH CVE-2019-3844 systemd: services with DynamicUser can get new privileges and create SGID binaries libudev1 241-7~deb10u8
HIGH CVE-2022-29458 ncurses: segfaulting OOB read ncurses-base 6.1+20181013-2+deb10u2
HIGH CVE-2022-29458 ncurses: segfaulting OOB read ncurses-bin 6.1+20181013-2+deb10u2
HIGH CVE-2020-16156 perl-CPAN: Bypass of verification of signatures in CHECKSUMS files perl 5.28.1-6+deb10u1
HIGH CVE-2020-16156 perl-CPAN: Bypass of verification of signatures in CHECKSUMS files perl-base 5.28.1-6+deb10u1
HIGH CVE-2020-16156 perl-CPAN: Bypass of verification of signatures in CHECKSUMS files perl-modules-5.28 5.28.1-6+deb10u1
HIGH CVE-2022-29162 runc: incorrect handling of inheritable capabilities github.com/opencontainers/runc v1.0.1 v1.1.2
MEDIUM CVE-2019-25013 glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR en libc-bin 2.28-10+deb10u1
MEDIUM CVE-2020-10029 glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions libc-bin 2.28-10+deb10u1
MEDIUM CVE-2020-27618 glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, wh libc-bin 2.28-10+deb10u1
MEDIUM CVE-2019-25013 glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR en libc6 2.28-10+deb10u1
MEDIUM CVE-2020-10029 glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions libc6 2.28-10+deb10u1
MEDIUM CVE-2020-27618 glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, wh libc6 2.28-10+deb10u1
MEDIUM CVE-2019-13627 libgcrypt: ECDSA timing attack allowing private key leak libgcrypt20 1.8.4-5+deb10u1
MEDIUM CVE-2021-4209 GnuTLS: Null pointer dereference in MD_UPDATE libgnutls30 3.6.7-4+deb10u7
MEDIUM CVE-2020-14155 pcre: Integer overflow when parsing callout numeric arguments libpcre3 2:8.39-12
MEDIUM CVE-2019-19645 sqlite: infinite recursion via certain types of self-referential views in conjunction with ALTER TAB libsqlite3-0 3.27.2-3+deb10u1
MEDIUM CVE-2019-19924 sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rew libsqlite3-0 3.27.2-3+deb10u1
MEDIUM CVE-2020-13631 sqlite: Virtual table can be renamed into the name of one of its shadow tables libsqlite3-0 3.27.2-3+deb10u1
MEDIUM CVE-2021-45346 sqlite: crafted SQL query allows a malicious user to obtain sensitive information libsqlite3-0 3.27.2-3+deb10u1
MEDIUM CVE-2022-2068 openssl: the c_rehash script allows command injection libssl1.1 1.1.1n-0+deb10u2
MEDIUM CVE-2021-3997 systemd: Uncontrolled recursion in systemd-tmpfiles when removing files libsystemd0 241-7~deb10u8
MEDIUM CVE-2021-3997 systemd: Uncontrolled recursion in systemd-tmpfiles when removing files libudev1 241-7~deb10u8
MEDIUM CVE-2022-2068 openssl: the c_rehash script allows command injection openssl 1.1.1n-0+deb10u2
MEDIUM CVE-2021-43784 runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based con github.com/opencontainers/runc v1.0.1 v1.0.3
MEDIUM CVE-2022-24769 moby: Default inheritable capabilities for linux container should be empty github.com/opencontainers/runc v1.0.1 v1.1.2
LOW CVE-2011-3374 It was found that apt-key in apt, all versions, do not correctly valid ... apt 1.8.2.3
LOW CVE-2019-18276 bash: when effective UID is not equal to its real UID the saved UID is not dropped bash 5.0-4
LOW CVE-2021-37600 util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils bsdutils 2.33.1-0.1
LOW CVE-2022-0563 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline bsdutils 2.33.1-0.1
LOW CVE-2016-2781 coreutils: Non-privileged session can escape to the parent session in chroot coreutils 8.30-3
LOW CVE-2017-18018 coreutils: race condition vulnerability in chown and chgrp coreutils 8.30-3
LOW CVE-2019-14855 gnupg2: OpenPGP Key Certification Forgeries with SHA-1 dirmngr 2.2.12-1+deb10u1
LOW CVE-2021-37600 util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils fdisk 2.33.1-0.1
LOW CVE-2022-0563 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline fdisk 2.33.1-0.1
LOW CVE-2019-14855 gnupg2: OpenPGP Key Certification Forgeries with SHA-1 gnupg 2.2.12-1+deb10u1
LOW CVE-2019-14855 gnupg2: OpenPGP Key Certification Forgeries with SHA-1 gnupg-l10n 2.2.12-1+deb10u1
LOW CVE-2019-14855 gnupg2: OpenPGP Key Certification Forgeries with SHA-1 gnupg-utils 2.2.12-1+deb10u1
LOW CVE-2019-14855 gnupg2: OpenPGP Key Certification Forgeries with SHA-1 gpg 2.2.12-1+deb10u1
LOW CVE-2019-14855 gnupg2: OpenPGP Key Certification Forgeries with SHA-1 gpg-agent 2.2.12-1+deb10u1
LOW CVE-2019-14855 gnupg2: OpenPGP Key Certification Forgeries with SHA-1 gpg-wks-client 2.2.12-1+deb10u1
LOW CVE-2019-14855 gnupg2: OpenPGP Key Certification Forgeries with SHA-1 gpg-wks-server 2.2.12-1+deb10u1
LOW CVE-2019-14855 gnupg2: OpenPGP Key Certification Forgeries with SHA-1 gpgconf 2.2.12-1+deb10u1
LOW CVE-2019-14855 gnupg2: OpenPGP Key Certification Forgeries with SHA-1 gpgsm 2.2.12-1+deb10u1
LOW CVE-2019-14855 gnupg2: OpenPGP Key Certification Forgeries with SHA-1 gpgv 2.2.12-1+deb10u1
LOW CVE-2004-0971 security flaw krb5-locales 1.17-3+deb10u3
LOW CVE-2018-5709 krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c krb5-locales 1.17-3+deb10u3
LOW CVE-2011-3374 It was found that apt-key in apt, all versions, do not correctly valid ... libapt-pkg5.0 1.8.2.3
LOW CVE-2021-37600 util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils libblkid1 2.33.1-0.1
LOW CVE-2022-0563 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline libblkid1 2.33.1-0.1
LOW CVE-2010-4756 glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expres libc-bin 2.28-10+deb10u1
LOW CVE-2016-10228 glibc: iconv program can hang when invoked with the -c option libc-bin 2.28-10+deb10u1
LOW CVE-2018-20796 glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c libc-bin 2.28-10+deb10u1
LOW CVE-2019-1010022 glibc: stack guard protection bypass libc-bin 2.28-10+deb10u1
LOW CVE-2019-1010023 glibc: running ldd on malicious ELF leads to code execution because of wrong size computation libc-bin 2.28-10+deb10u1
LOW CVE-2019-1010024 glibc: ASLR bypass using cache of thread stack and heap libc-bin 2.28-10+deb10u1
LOW CVE-2019-1010025 glibc: information disclosure of heap addresses of pthread_created thread libc-bin 2.28-10+deb10u1
LOW CVE-2019-19126 glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries libc-bin 2.28-10+deb10u1
LOW CVE-2019-9192 glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c libc-bin 2.28-10+deb10u1
LOW CVE-2020-6096 glibc: signed comparison vulnerability in the ARMv7 memcpy function libc-bin 2.28-10+deb10u1
LOW CVE-2021-27645 glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c libc-bin 2.28-10+deb10u1
LOW CVE-2010-4756 glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expres libc6 2.28-10+deb10u1
LOW CVE-2016-10228 glibc: iconv program can hang when invoked with the -c option libc6 2.28-10+deb10u1
LOW CVE-2018-20796 glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c libc6 2.28-10+deb10u1
LOW CVE-2019-1010022 glibc: stack guard protection bypass libc6 2.28-10+deb10u1
LOW CVE-2019-1010023 glibc: running ldd on malicious ELF leads to code execution because of wrong size computation libc6 2.28-10+deb10u1
LOW CVE-2019-1010024 glibc: ASLR bypass using cache of thread stack and heap libc6 2.28-10+deb10u1
LOW CVE-2019-1010025 glibc: information disclosure of heap addresses of pthread_created thread libc6 2.28-10+deb10u1
LOW CVE-2019-19126 glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries libc6 2.28-10+deb10u1
LOW CVE-2019-9192 glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c libc6 2.28-10+deb10u1
LOW CVE-2020-6096 glibc: signed comparison vulnerability in the ARMv7 memcpy function libc6 2.28-10+deb10u1
LOW CVE-2021-27645 glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c libc6 2.28-10+deb10u1
LOW CVE-2021-37600 util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils libfdisk1 2.33.1-0.1
LOW CVE-2022-0563 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline libfdisk1 2.33.1-0.1
LOW CVE-2018-6829 libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintex libgcrypt20 1.8.4-5+deb10u1
LOW CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) libgnutls30 3.6.7-4+deb10u7
LOW CVE-2004-0971 security flaw libgssapi-krb5-2 1.17-3+deb10u3
LOW CVE-2018-5709 krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c libgssapi-krb5-2 1.17-3+deb10u3
LOW CVE-2004-0971 security flaw libk5crypto3 1.17-3+deb10u3
LOW CVE-2018-5709 krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c libk5crypto3 1.17-3+deb10u3
LOW CVE-2004-0971 security flaw libkrb5-3 1.17-3+deb10u3
LOW CVE-2018-5709 krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c libkrb5-3 1.17-3+deb10u3
LOW CVE-2004-0971 security flaw libkrb5support0 1.17-3+deb10u3
LOW CVE-2018-5709 krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c libkrb5support0 1.17-3+deb10u3
LOW CVE-2015-3276 openldap: incorrect multi-keyword mode cipherstring parsing libldap-2.4-2 2.4.47+dfsg-3+deb10u7
LOW CVE-2017-14159 openldap: Privilege escalation via PID file manipulation libldap-2.4-2 2.4.47+dfsg-3+deb10u7
LOW CVE-2017-17740 openldap: contrib/slapd-modules/nops/nops.c attempts to free stack buffer allowing remote attackers libldap-2.4-2 2.4.47+dfsg-3+deb10u7
LOW CVE-2020-15719 openldap: Certificate validation incorrectly matches name against CN-ID libldap-2.4-2 2.4.47+dfsg-3+deb10u7
LOW CVE-2015-3276 openldap: incorrect multi-keyword mode cipherstring parsing libldap-common 2.4.47+dfsg-3+deb10u7
LOW CVE-2017-14159 openldap: Privilege escalation via PID file manipulation libldap-common 2.4.47+dfsg-3+deb10u7
LOW CVE-2017-17740 openldap: contrib/slapd-modules/nops/nops.c attempts to free stack buffer allowing remote attackers libldap-common 2.4.47+dfsg-3+deb10u7
LOW CVE-2020-15719 openldap: Certificate validation incorrectly matches name against CN-ID libldap-common 2.4.47+dfsg-3+deb10u7
LOW CVE-2019-17543 lz4: heap-based buffer overflow in LZ4_write32 liblz4-1 1.8.3-1+deb10u1
LOW CVE-2021-37600 util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils libmount1 2.33.1-0.1
LOW CVE-2022-0563 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline libmount1 2.33.1-0.1
LOW CVE-2021-39537 ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c libncurses6 6.1+20181013-2+deb10u2
LOW CVE-2021-39537 ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c libncursesw6 6.1+20181013-2+deb10u2
LOW CVE-2017-11164 pcre: OP_KETRMAX feature in the match function in pcre_exec.c libpcre3 2:8.39-12
LOW CVE-2017-16231 pcre: self-recursive call in match() in pcre_exec.c leads to denial of service libpcre3 2:8.39-12
LOW CVE-2017-7245 pcre: stack-based buffer overflow write in pcre32_copy_substring libpcre3 2:8.39-12
LOW CVE-2017-7246 pcre: stack-based buffer overflow write in pcre32_copy_substring libpcre3 2:8.39-12
LOW CVE-2019-20838 pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 libpcre3 2:8.39-12
LOW CVE-2011-4116 perl: File::Temp insecure temporary file handling libperl5.28 5.28.1-6+deb10u1
LOW CVE-2019-9893 libseccomp: incorrect generation of syscall filters in libseccomp libseccomp2 2.3.3-4
LOW CVE-2021-36084 libsepol: use-after-free in __cil_verify_classperms() libsepol1 2.8-1
LOW CVE-2021-36085 libsepol: use-after-free in __cil_verify_classperms() libsepol1 2.8-1
LOW CVE-2021-36086 libsepol: use-after-free in cil_reset_classpermission() libsepol1 2.8-1
LOW CVE-2021-36087 libsepol: heap-based buffer overflow in ebitmap_match_any() libsepol1 2.8-1
LOW CVE-2021-37600 util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils libsmartcols1 2.33.1-0.1
LOW CVE-2022-0563 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline libsmartcols1 2.33.1-0.1
LOW CVE-2019-19244 sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain libsqlite3-0 3.27.2-3+deb10u1
LOW CVE-2020-11656 sqlite: use-after-free in the ALTER TABLE implementation libsqlite3-0 3.27.2-3+deb10u1
LOW CVE-2021-36690 ** DISPUTED ** A segmentation fault can occur in the sqlite3.exe comma ... libsqlite3-0 3.27.2-3+deb10u1
LOW CVE-2007-6755 Dual_EC_DRBG: weak pseudo random number generator libssl1.1 1.1.1n-0+deb10u2
LOW CVE-2010-0928 openssl: RSA authentication weakness libssl1.1 1.1.1n-0+deb10u2
LOW CVE-2013-4392 systemd: TOCTOU race condition when updating file permissions and SELinux security contexts libsystemd0 241-7~deb10u8
LOW CVE-2019-20386 systemd: memory leak in button_open() in login/logind-button.c when udev events are received libsystemd0 241-7~deb10u8
LOW CVE-2020-13529 systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client t libsystemd0 241-7~deb10u8
LOW CVE-2020-13776 systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal libsystemd0 241-7~deb10u8
LOW CVE-2018-1000654 libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion libtasn1-6 4.13-3
LOW CVE-2021-39537 ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c libtinfo6 6.1+20181013-2+deb10u2
LOW CVE-2013-4392 systemd: TOCTOU race condition when updating file permissions and SELinux security contexts libudev1 241-7~deb10u8
LOW CVE-2019-20386 systemd: memory leak in button_open() in login/logind-button.c when udev events are received libudev1 241-7~deb10u8
LOW CVE-2020-13529 systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client t libudev1 241-7~deb10u8
LOW CVE-2020-13776 systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal libudev1 241-7~deb10u8
LOW CVE-2021-37600 util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils libuuid1 2.33.1-0.1
LOW CVE-2022-0563 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline libuuid1 2.33.1-0.1
LOW CVE-2007-5686 initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ... login 1:4.5-1.1
LOW CVE-2013-4235 shadow-utils: TOCTOU race conditions by copying and removing directory trees login 1:4.5-1.1
LOW CVE-2018-7169 shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing p login 1:4.5-1.1
LOW CVE-2019-19882 shadow-utils: local users can obtain root access because setuid programs are misconfigured login 1:4.5-1.1
LOW CVE-2021-37600 util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils mount 2.33.1-0.1
LOW CVE-2022-0563 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline mount 2.33.1-0.1
LOW CVE-2021-39537 ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c ncurses-base 6.1+20181013-2+deb10u2
LOW CVE-2021-39537 ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c ncurses-bin 6.1+20181013-2+deb10u2
LOW CVE-2007-6755 Dual_EC_DRBG: weak pseudo random number generator openssl 1.1.1n-0+deb10u2
LOW CVE-2010-0928 openssl: RSA authentication weakness openssl 1.1.1n-0+deb10u2
LOW CVE-2007-5686 initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ... passwd 1:4.5-1.1
LOW CVE-2013-4235 shadow-utils: TOCTOU race conditions by copying and removing directory trees passwd 1:4.5-1.1
LOW CVE-2018-7169 shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing p passwd 1:4.5-1.1
LOW CVE-2019-19882 shadow-utils: local users can obtain root access because setuid programs are misconfigured passwd 1:4.5-1.1
LOW CVE-2011-4116 perl: File::Temp insecure temporary file handling perl 5.28.1-6+deb10u1
LOW CVE-2011-4116 perl: File::Temp insecure temporary file handling perl-base 5.28.1-6+deb10u1
LOW CVE-2011-4116 perl: File::Temp insecure temporary file handling perl-modules-5.28 5.28.1-6+deb10u1
LOW CVE-2005-2541 tar: does not properly warn the user when extracting setuid or setgid files tar 1.30+dfsg-6
LOW CVE-2019-9923 tar: null-pointer dereference in pax_decode_header in sparse.c tar 1.30+dfsg-6
LOW CVE-2021-20193 tar: Memory leak in read_header() in list.c tar 1.30+dfsg-6
LOW CVE-2021-37600 util-linux: integer overflow can lead to buffer overflow in get_sem_elements() in sys-utils/ipcutils util-linux 2.33.1-0.1
LOW CVE-2022-0563 util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline util-linux 2.33.1-0.1

Date: 2022-06-23