Running with gitlab-runner 13.11.0 (7f7a4bb0)
  on gitlab-runners-bigbang-gitlab-runner-gitlab-runner-797d46cxptjg WntjV97x
  feature flags: FF_GITLAB_REGISTRY_HELPER_IMAGE:true
section_start:1619625197:resolve_secrets
Resolving secrets
section_end:1619625197:resolve_secrets
section_start:1619625197:prepare_executor
Preparing the "kubernetes" executor
Using Kubernetes namespace: gitlab-runners
Using Kubernetes executor with image aquasec/trivy:0.9.0 ...
section_end:1619625197:prepare_executor
section_start:1619625197:prepare_script
Preparing environment
Waiting for pod gitlab-runners/runner-wntjv97x-project-2327-concurrent-0l4p9r to be running, status is Pending
Waiting for pod gitlab-runners/runner-wntjv97x-project-2327-concurrent-0l4p9r to be running, status is Pending
ContainersNotReady: "containers with unready status: [build helper]"
ContainersNotReady: "containers with unready status: [build helper]"
Waiting for pod gitlab-runners/runner-wntjv97x-project-2327-concurrent-0l4p9r to be running, status is Pending
ContainersNotReady: "containers with unready status: [build helper]"
ContainersNotReady: "containers with unready status: [build helper]"
Running on runner-wntjv97x-project-2327-concurrent-0l4p9r via gitlab-runners-bigbang-gitlab-runner-gitlab-runner-797d46cxptjg...
section_end:1619625206:prepare_script
section_start:1619625206:get_sources
Getting source from Git repository
Fetching changes with git depth set to 50...
Initialized empty Git repository in /builds/platform-one/big-bang/pipeline-templates/pipeline-templates/.git/
Created fresh repository.
Checking out f20f1e5c as fix-cypress-helm-bug...
Skipping Git submodules setup
section_end:1619625207:get_sources
section_start:1619625207:step_script
Executing "step_script" stage of the job script
$ apk add skopeo
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.11/community/x86_64/APKINDEX.tar.gz
(1/26) Installing device-mapper-libs (2.02.186-r0)
(2/26) Installing libgpg-error (1.36-r2)
(3/26) Installing libassuan (2.5.3-r0)
(4/26) Installing libffi (3.2.1-r6)
(5/26) Installing libblkid (2.34-r1)
(6/26) Installing libmount (2.34-r1)
(7/26) Installing pcre (8.43-r1)
(8/26) Installing glib (2.62.6-r0)
(9/26) Installing ncurses-terminfo-base (6.1_p20200118-r4)
(10/26) Installing ncurses-libs (6.1_p20200118-r4)
(11/26) Installing libgcrypt (1.8.5-r0)
(12/26) Installing libsecret (0.19.1-r0)
(13/26) Installing pinentry (1.1.0-r2)
Executing pinentry-1.1.0-r2.post-install
(14/26) Installing gmp (6.1.2-r1)
(15/26) Installing nettle (3.5.1-r0)
(16/26) Installing p11-kit (0.23.18.1-r1)
(17/26) Installing libtasn1 (4.15.0-r0)
(18/26) Installing libunistring (0.9.10-r0)
(19/26) Installing gnutls (3.6.15-r1)
(20/26) Installing libksba (1.3.5-r0)
(21/26) Installing libsasl (2.1.27-r5)
(22/26) Installing libldap (2.4.48-r3)
(23/26) Installing npth (1.6-r0)
(24/26) Installing gnupg (2.2.19-r0)
(25/26) Installing gpgme (1.13.1-r1)
(26/26) Installing skopeo (0.1.40-r1)
Executing busybox-1.31.1-r9.trigger
OK: 79 MiB in 64 packages
$ skopeo copy --screds $CI_REGISTRY_USER:$CI_REGISTRY_PASSWORD docker://$IMAGE:$CI_COMMIT_SHORT_SHA oci:/image
Getting image source signatures
Copying blob sha256:4b21dcdd136d133a4df0840e656af2f488c226dd384a98b89ced79064a4081b4
Copying blob sha256:55eda774346862e410811e3fa91cefe805bc11ff46fad425dd1b712709c05bbc
Copying blob sha256:30866de5282ca00d453da3e3d314cc099097603d9faa0df727dc4e86ee81256a
Copying blob sha256:5461e43d47ebfa3eab7e3d04dd67c793f441e0657ad70ce86c6a38254b25673a
Copying blob sha256:148772a8efa05ffe31b698ebbc9a1de400732f01e642756c9a0dee26bd347652
Copying blob sha256:105d838bc7b80289686460aac1484e6022546efb1948a860d6cb7f8774f70482
Copying blob sha256:5091fd163bce39ed65840c12a3e32b7ef997a9451717704afba228efd2c57199
Copying blob sha256:8c1a3daeebb082cf2c984b28885f9b6180df56b86d171fd0994234cc5545bea3
Copying blob sha256:d5c0b2a0463b2b82f3a970109a41f942d6c5fa05b770ca27f78686416480a9ce
Copying blob sha256:e5c8296303437c10003d87962be320e10012b072ca8d6a01fe7b3c4a89790bdf
Copying config sha256:86742e45e0c8389d6303d0ee09805e3238d0911b5f645d74932d09db0feb6ac0
Writing manifest to image destination
Storing signatures
$ trivy --no-progress --input /image
2021-04-28T15:53:46.661Z	INFO	Need to update DB
2021-04-28T15:53:46.661Z	INFO	Downloading DB...
2021-04-28T15:53:57.945Z	INFO	Detecting RHEL/CentOS vulnerabilities...
2021-04-28T15:53:57.951Z	INFO	Detecting npm vulnerabilities...

/image (redhat 8.3)
===================
Total: 329 (UNKNOWN: 0, LOW: 126, MEDIUM: 181, HIGH: 22, CRITICAL: 0)

+------------------------+------------------+----------+-------------------+---------------+-------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+------------------------+------------------+----------+-------------------+---------------+-------+
| avahi-libs | CVE-2021-3468 | MEDIUM | 0.7-19.el8 | | avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket |
| avahi-libs | CVE-2017-6519 | LOW | 0.7-19.el8 | | avahi: Multicast DNS responds to unicast queries outside of local network |
| bash | CVE-2019-18276 | LOW | 4.4.19-12.el8 | | bash: when effective UID is not equal to its real UID the... |
| brotli | CVE-2020-8927 | MEDIUM | 1.0.6-2.el8 | | brotli: buffer overflow when input chunk is larger than 2GiB |
| bzip2-devel | CVE-2019-12900 | LOW | 1.0.6-26.el8 | | bzip2: out-of-bounds write in function BZ2_decompress |
| bzip2-libs | CVE-2019-12900 | LOW | 1.0.6-26.el8 | | bzip2: out-of-bounds write in function BZ2_decompress |
| cairo | CVE-2018-18064 | MEDIUM | 1.15.12-3.el8 | | cairo: Stack-based buffer overflow via parsing of crafted WebKitGTK+ document |
| cairo | CVE-2020-35492 | MEDIUM | 1.15.12-3.el8 | | cairo: libreoffice slideshow aborts with stack smashing in cairo's composite_boxes |
| cairo | CVE-2018-19876 | LOW | 1.15.12-3.el8 | | cairo: Invalid free in cairo_ft_apply_variations() resulting in a denial of service |
| cairo | CVE-2019-6461 | LOW | 1.15.12-3.el8 | | cairo: assertion problem in _cairo_arc_in_direction in cairo-arc.c |
| cairo | CVE-2019-6462 | LOW | 1.15.12-3.el8 | | cairo: infinite loop in the function _arc_error_normalized in the file cairo-arc.c |
| cairo-devel | CVE-2018-18064 | MEDIUM | 1.15.12-3.el8 | | cairo: Stack-based buffer overflow via parsing of crafted WebKitGTK+ document |
| cairo-devel | CVE-2020-35492 | MEDIUM | 1.15.12-3.el8 | | cairo: libreoffice slideshow aborts with stack smashing in cairo's composite_boxes |
| cairo-devel | CVE-2018-19876 | LOW | 1.15.12-3.el8 | | cairo: Invalid free in cairo_ft_apply_variations() resulting in a denial of service |
| cairo-devel | CVE-2019-6461 | LOW | 1.15.12-3.el8 | | cairo: assertion problem in _cairo_arc_in_direction in cairo-arc.c |
| cairo-devel | CVE-2019-6462 | LOW | 1.15.12-3.el8 | | cairo: infinite loop in the function _arc_error_normalized in the file cairo-arc.c |
| cairo-gobject | CVE-2018-18064 | MEDIUM | 1.15.12-3.el8 | | cairo: Stack-based buffer overflow via parsing of crafted WebKitGTK+ document |
| cairo-gobject | CVE-2020-35492 | MEDIUM | 1.15.12-3.el8 | | cairo: libreoffice slideshow aborts with stack smashing in cairo's composite_boxes |
| cairo-gobject | CVE-2018-19876 | LOW | 1.15.12-3.el8 | | cairo: Invalid free in cairo_ft_apply_variations() resulting in a denial of service |
| cairo-gobject | CVE-2019-6461 | LOW | 1.15.12-3.el8 | | cairo: assertion problem in _cairo_arc_in_direction in cairo-arc.c |
| cairo-gobject | CVE-2019-6462 | LOW | 1.15.12-3.el8 | | cairo: infinite loop in the function _arc_error_normalized in the file cairo-arc.c |
| cairo-gobject-devel | CVE-2018-18064 | MEDIUM | 1.15.12-3.el8 | | cairo: Stack-based buffer overflow via parsing of crafted WebKitGTK+ document |
| cairo-gobject-devel | CVE-2020-35492 | MEDIUM | 1.15.12-3.el8 | | cairo: libreoffice slideshow aborts with stack smashing in cairo's composite_boxes |
| cairo-gobject-devel | CVE-2018-19876 | LOW | 1.15.12-3.el8 | | cairo: Invalid free in cairo_ft_apply_variations() resulting in a denial of service |
| cairo-gobject-devel | CVE-2019-6461 | LOW | 1.15.12-3.el8 | | cairo: assertion problem in _cairo_arc_in_direction in cairo-arc.c |
| cairo-gobject-devel | CVE-2019-6462 | LOW | 1.15.12-3.el8 | | cairo: infinite loop in the function _arc_error_normalized in the file cairo-arc.c |
| coreutils-single | CVE-2017-18018 | MEDIUM | 8.30-8.el8 | | coreutils: race condition vulnerability in chown and chgrp |
| cups-libs | CVE-2020-10001 | MEDIUM | 1:2.2.6-38.el8 | | cups: access to uninitialized buffer in ipp.c |
| curl | CVE-2020-8284 | MEDIUM | 7.61.1-14.el8_3.1 | | curl: FTP PASV command response can cause curl to connect to arbitrary... |
| curl | CVE-2020-8285 | MEDIUM | 7.61.1-14.el8_3.1 | | curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used... |
| curl | CVE-2020-8286 | MEDIUM | 7.61.1-14.el8_3.1 | | curl: Inferior OCSP verification |
| curl | CVE-2021-22876 | MEDIUM | 7.61.1-14.el8_3.1 | | curl: Leak of authentication credentials in URL via automatic Referer |
| curl | CVE-2020-8231 | LOW | 7.61.1-14.el8_3.1 | | curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set |
| dbus | CVE-2020-35512 | LOW | 1:1.12.8-12.el8_3 | | dbus: users with the same numeric UID could lead to use-after-free and... |
| dbus-common | CVE-2020-35512 | LOW | 1:1.12.8-12.el8_3 | | dbus: users with the same numeric UID could lead to use-after-free and... |
| dbus-daemon | CVE-2020-35512 | LOW | 1:1.12.8-12.el8_3 | | dbus: users with the same numeric UID could lead to use-after-free and... |
| dbus-devel | CVE-2020-35512 | LOW | 1:1.12.8-12.el8_3 | | dbus: users with the same numeric UID could lead to use-after-free and... |
| dbus-libs | CVE-2020-35512 | LOW | 1:1.12.8-12.el8_3 | | dbus: users with the same numeric UID could lead to use-after-free and... |
| dbus-tools | CVE-2020-35512 | LOW | 1:1.12.8-12.el8_3 | | dbus: users with the same numeric UID could lead to use-after-free and... |
| file-libs | CVE-2019-18218 | MEDIUM | 5.33-16.el8_3.1 | | file: heap-based buffer overflow in cdf_read_property_info in cdf.c |
| file-libs | CVE-2019-8905 | LOW | 5.33-16.el8_3.1 | | file: stack-based buffer over-read in do_core_note in readelf.c |
| file-libs | CVE-2019-8906 | LOW | 5.33-16.el8_3.1 | | file: out-of-bounds read in do_core_note in readelf.c |
| git | CVE-2018-1000021 | MEDIUM | 2.27.0-1.el8 | | git: client prints server-sent ANSI escape codes to the terminal, allowing for... |
| git | CVE-2021-21300 | MEDIUM | 2.27.0-1.el8 | | git: remote code execution during clone operation on case-insensitive filesystems |
| git-core | CVE-2018-1000021 | MEDIUM | 2.27.0-1.el8 | | git: client prints server-sent ANSI escape codes to the terminal, allowing for... |
| git-core | CVE-2021-21300 | MEDIUM | 2.27.0-1.el8 | | git: remote code execution during clone operation on case-insensitive filesystems |
| git-core-doc | CVE-2018-1000021 | MEDIUM | 2.27.0-1.el8 | | git: client prints server-sent ANSI escape codes to the terminal, allowing for... |
| git-core-doc | CVE-2021-21300 | MEDIUM | 2.27.0-1.el8 | | git: remote code execution during clone operation on case-insensitive filesystems |
| glib-networking | CVE-2020-13645 | MEDIUM | 2.56.1-1.1.el8 | | glib-networking: GTlsClientConnection silently ignores unset server identity |
| glib2 | CVE-2021-27218 | MEDIUM | 2.56.4-8.el8 | | glib: integer overflow in g_byte_array_new_take function when called with a buffer of... |
| glib2 | CVE-2021-27219 | MEDIUM | 2.56.4-8.el8 | | glib: integer overflow in g_bytes_new function on 64-bit platforms due to an... |
| glib2 | CVE-2018-16428 | LOW | 2.56.4-8.el8 | | glib2: NULL pointer dereference in g_markup_parse_context_end_parse() function in gmarkup.c |
| glib2 | CVE-2018-16429 | LOW | 2.56.4-8.el8 | | glib2: Out-of-bounds read in g_markup_parse_context_parse() in gmarkup.c |
| glib2 | CVE-2019-13012 | LOW | 2.56.4-8.el8 | | glib2: insecure permissions for files and directories |
| glib2 | CVE-2021-28153 | LOW | 2.56.4-8.el8 | | glib: g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink |
| glib2-devel | CVE-2021-27218 | MEDIUM | 2.56.4-8.el8 | | glib: integer overflow in g_byte_array_new_take function when called with a buffer of... |
| glib2-devel | CVE-2021-27219 | MEDIUM | 2.56.4-8.el8 | | glib: integer overflow in g_bytes_new function on 64-bit platforms due to an... |
| glib2-devel | CVE-2018-16428 | LOW | 2.56.4-8.el8 | | glib2: NULL pointer dereference in g_markup_parse_context_end_parse() function in gmarkup.c |
| glib2-devel | CVE-2018-16429 | LOW | 2.56.4-8.el8 | | glib2: Out-of-bounds read in g_markup_parse_context_parse() in gmarkup.c |
| glib2-devel | CVE-2019-13012 | LOW | 2.56.4-8.el8 | | glib2: insecure permissions for files and directories |
| glib2-devel | CVE-2021-28153 | LOW | 2.56.4-8.el8 | | glib: g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink |
| glibc | CVE-2019-25013 | HIGH | 2.28-127.el8_3.2 | | glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in... |
| glibc | CVE-2019-1010022 | MEDIUM | 2.28-127.el8_3.2 | | glibc: stack guard protection bypass |
| glibc | CVE-2019-9169 | MEDIUM | 2.28-127.el8_3.2 | | glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read... |
| glibc | CVE-2021-3326 | MEDIUM | 2.28-127.el8_3.2 | | glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters |
| glibc | CVE-2016-10228 | LOW | 2.28-127.el8_3.2 | | glibc: iconv program can hang when invoked with the -c option |
| glibc | CVE-2020-27618 | LOW | 2.28-127.el8_3.2 | | glibc: iconv when processing invalid multi-byte input sequences fails to advance the... |
| glibc | CVE-2021-27645 | LOW | 2.28-127.el8_3.2 | | glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c |
| glibc-common | CVE-2019-25013 | HIGH | 2.28-127.el8_3.2 | | glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in... |
| glibc-common | CVE-2019-1010022 | MEDIUM | 2.28-127.el8_3.2 | | glibc: stack guard protection bypass |
| glibc-common | CVE-2019-9169 | MEDIUM | 2.28-127.el8_3.2 | | glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read... |
| glibc-common | CVE-2021-3326 | MEDIUM | 2.28-127.el8_3.2 | | glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters |
| glibc-common | CVE-2016-10228 | LOW | 2.28-127.el8_3.2 | | glibc: iconv program can hang when invoked with the -c option |
| glibc-common | CVE-2020-27618 | LOW | 2.28-127.el8_3.2 | | glibc: iconv when processing invalid multi-byte input sequences fails to advance the... |
| glibc-common | CVE-2021-27645 | LOW | 2.28-127.el8_3.2 | | glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c |
| glibc-minimal-langpack | CVE-2019-25013 | HIGH | 2.28-127.el8_3.2 | | glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in... |
| glibc-minimal-langpack | CVE-2019-1010022 | MEDIUM | 2.28-127.el8_3.2 | | glibc: stack guard protection bypass |
| glibc-minimal-langpack | CVE-2019-9169 | MEDIUM | 2.28-127.el8_3.2 | | glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read... |
| glibc-minimal-langpack | CVE-2021-3326 | MEDIUM | 2.28-127.el8_3.2 | | glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters |
| glibc-minimal-langpack | CVE-2016-10228 | LOW | 2.28-127.el8_3.2 | | glibc: iconv program can hang when invoked with the -c option |
| glibc-minimal-langpack | CVE-2020-27618 | LOW | 2.28-127.el8_3.2 | | glibc: iconv when processing invalid multi-byte input sequences fails to advance the... |
| glibc-minimal-langpack | CVE-2021-27645 | LOW | 2.28-127.el8_3.2 | | glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c |
| gnupg2 | CVE-2018-1000858 | MEDIUM | 2.2.20-2.el8 | | gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure... |
| gnutls | CVE-2021-20231 | MEDIUM | 3.6.14-8.el8_3 | | gnutls: Use after free in client key_share extension |
| gnutls | CVE-2021-20232 | MEDIUM | 3.6.14-8.el8_3 | | gnutls: Use after free in client_send_params in lib/ext/pre_shared_key.c |
| jasper-libs | CVE-2017-5503 | MEDIUM | 2.0.14-4.el8 | | jasper: invalid memory write in dec_clnpass() |
| jasper-libs | CVE-2017-5504 | MEDIUM | 2.0.14-4.el8 | | jasper: Invalid memory read in jpc_undo_roi |
| jasper-libs | CVE-2017-5505 | MEDIUM | 2.0.14-4.el8 | | jasper: Invalid memory read in jas_matrix_asl |
| jasper-libs | CVE-2020-27828 | MEDIUM | 2.0.14-4.el8 | | jasper: Heap-based buffer overflow in cp_create() in jpc_enc.c |
| jasper-libs | CVE-2021-26926 | MEDIUM | 2.0.14-4.el8 | | jasper: Out of bounds read in jp2_decode() in jp2_dec.c |
| jasper-libs | CVE-2021-26927 | MEDIUM | 2.0.14-4.el8 | | jasper: NULL pointer dereference in jp2_decode() in jp2_dec.c |
| jasper-libs | CVE-2021-3272 | MEDIUM | 2.0.14-4.el8 | | jasper: Heap-based buffer over-read in jp2_decode() in jp2_dec.c |
| jasper-libs | CVE-2021-3443 | MEDIUM | 2.0.14-4.el8 | | jasper: NULL pointer dereference in jp2_decode() in jp2_dec.c |
| jasper-libs | CVE-2021-3467 | MEDIUM | 2.0.14-4.el8 | | jasper: NULL pointer dereference in jp2_decode() in jp2_dec.c |
| jasper-libs | CVE-2017-13745 | LOW | 2.0.14-4.el8 | | jasper: reachable abort in jpc_dec_process_sot() |
| jasper-libs | CVE-2017-5499 | LOW | 2.0.14-4.el8 | | jasper: Signed integer overflow in jpc_dequantize() in jpc_dec.c |
| jasper-libs | CVE-2017-9782 | LOW | 2.0.14-4.el8 | | jasper: cdef.ents[] heap-based buffer over-read in jp2_decode() |
| jasper-libs | CVE-2018-18873 | LOW | 2.0.14-4.el8 | | jasper: NULL pointer dereference in ras_putdatastd() in ras_enc.c |
| jasper-libs | CVE-2018-19139 | LOW | 2.0.14-4.el8 | | jasper: memory leak of data allocated in jpc_unk_getparms() after abort in jpc_dec_process_sot()... |
| jasper-libs | CVE-2018-19539 | LOW | 2.0.14-4.el8 | | jasper: access violation in jas_image_readcmpt() in jas_image.c |
| jasper-libs | CVE-2018-19540 | LOW | 2.0.14-4.el8 | | jasper: heap-based buffer overflow of size 1 in jas_icctxtdesc_input in libjasper/base/jas_icc.c |
| jasper-libs | CVE-2018-19541 | LOW | 2.0.14-4.el8 | | jasper: heap-based buffer over-read of size 8 in jas_image_depalettize in libjasper/base/jas_image.c |
| jasper-libs | CVE-2018-19542 | LOW | 2.0.14-4.el8 | | jasper: invalid access in jp2_decode in libjasper/jp2/jp2_dec.c |
| jasper-libs | CVE-2018-19543 | LOW | 2.0.14-4.el8 | | jasper: heap-based buffer over-read in jp2_decode() in jp2_dec.c |
| jasper-libs | CVE-2018-20570 | LOW | 2.0.14-4.el8 | | jasper: heap-based buffer over-read in jp2_encode() |
| jasper-libs | CVE-2018-20622 | LOW | 2.0.14-4.el8 | | jasper: memory leak in jpc_dec_decodepkt() |
| jasper-libs | CVE-2018-9055 | LOW | 2.0.14-4.el8 | | jasper: reachable assertion in jpc_firstone() in jpc_math.c |
| jasper-libs | CVE-2018-9252 | LOW | 2.0.14-4.el8 | | jasper: reachable assertion in jpc_abstorelstepsize() in jpc_enc.c |
| jq | CVE-2016-4074 | LOW | 1.5-12.el8 | | jq: stack exhaustion via jv_dump_term() function |
| json-c | CVE-2020-12762 | MEDIUM | 0.13.1-0.2.el8 | | json-c: integer overflow and out-of-bounds write via a large JSON file |
| krb5-libs | CVE-2020-28196 | MEDIUM | 1.18.2-5.el8 | | krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1_encode.c may lead... |
| lcms2 | CVE-2018-16435 | MEDIUM | 2.9-2.el8 | | lcms2: Integer overflow in AllocateDataSet() in cmscgats.c leading to heap-based buffer overflow... |
| libX11 | CVE-2020-14363 | HIGH | 1.6.8-3.el8 | | libX11: integer overflow leads to double free in locale handling |
| libX11 | CVE-2020-14344 | MEDIUM | 1.6.8-3.el8 | | libX11: Heap overflow in the X input method client |
| libX11-common | CVE-2020-14363 | HIGH | 1.6.8-3.el8 | | libX11: integer overflow leads to double free in locale handling |
| libX11-common | CVE-2020-14344 | MEDIUM | 1.6.8-3.el8 | | libX11: Heap overflow in the X input method client |
| libX11-devel | CVE-2020-14363 | HIGH | 1.6.8-3.el8 | | libX11: integer overflow leads to double free in locale handling |
| libX11-devel | CVE-2020-14344 | MEDIUM | 1.6.8-3.el8 | | libX11: Heap overflow in the X input method client |
| libX11-xcb | CVE-2020-14363 | HIGH | 1.6.8-3.el8 | | libX11: integer overflow leads to double free in locale handling |
| libX11-xcb | CVE-2020-14344 | MEDIUM | 1.6.8-3.el8 | | libX11: Heap overflow in the X input method client |
| libarchive | CVE-2017-14502 | MEDIUM | 3.3.2-9.el8 | | libarchive: Off-by-one error in the read_header function |
| libarchive | CVE-2020-21674 | MEDIUM | 3.3.2-9.el8 | | libarchive: heap-based buffer overflow in archive_string_append_from_wcs function in archive_string.c |
| libarchive | CVE-2017-14166 | LOW | 3.3.2-9.el8 | | libarchive: Heap-based buffer over-read in the atol8 function |
| libarchive | CVE-2017-14501 | LOW | 3.3.2-9.el8 | | libarchive: Out-of-bounds read in parse_file_info |
| libarchive | CVE-2018-1000879 | LOW | 3.3.2-9.el8 | | libarchive: NULL pointer dereference in ACL parser resulting in a denial of... |
| libarchive | CVE-2018-1000880 | LOW | 3.3.2-9.el8 | | libarchive: Improper input validation in WARC parser resulting in a denial of... |
| libcurl | CVE-2020-8284 | MEDIUM | 7.61.1-14.el8_3.1 | | curl: FTP PASV command response can cause curl to connect to arbitrary... |
| libcurl | CVE-2020-8285 | MEDIUM | 7.61.1-14.el8_3.1 | | curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used... |
| + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-8286 | | | | curl: Inferior OCSP | | | | | | | verification | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2021-22876 | | | | curl: Leak of authentication | | | | | | | credentials in URL via | | | | | | | automatic Referer | + +------------------+----------+ +---------------+-------------------------------------+ | | CVE-2020-8231 | LOW | | | curl: Expired pointer | | | | | | | dereference via multi API with | | | | | | | CURLOPT_CONNECT_ONLY option | | | | | | | set | +------------------------+------------------+ +-----------------------------------------------------+---------------+-------------------------------------+ | libdb | CVE-2019-2708 | | 5.3.28-39.el8 | | libdb: Denial of service in | | | | | | | the Data Store component | +------------------------+ + + +---------------+ + | libdb-utils | | | | | | | | | | | | | +------------------------+------------------+----------+-----------------------------------------------------+---------------+-------------------------------------+ | libdnf | CVE-2021-3445 | MEDIUM | 0.48.0-5.el8 | | libdnf: libdnf does its own | | | | | | | signature verification, but | | | | | | | this can be tricked... | +------------------------+------------------+ +-----------------------------------------------------+---------------+-------------------------------------+ | libgcc | CVE-2018-20673 | | 8.3.1-5.1.el8 | | libiberty: Integer overflow in | | | | | | | demangle_template() function | + +------------------+----------+ +---------------+-------------------------------------+ | | CVE-2018-20657 | LOW | | | libiberty: Memory leak in | | | | | | | demangle_template function | | | | | | | resulting in a denial of | | | | | | | service... 
| + +------------------+ + +---------------+-------------------------------------+ | | CVE-2019-14250 | | | | binutils: integer overflow in | | | | | | | simple-object-elf.c leads to a | | | | | | | heap-based buffer overflow | +------------------------+------------------+----------+-----------------------------------------------------+---------------+-------------------------------------+ | libgcrypt | CVE-2019-12904 | MEDIUM | 1.8.5-4.el8 | | Libgcrypt: physical addresses | | | | | | | being available to other | | | | | | | processes leads to a | | | | | | | flush-and-reload... | +------------------------+------------------+ +-----------------------------------------------------+---------------+-------------------------------------+ | libgomp | CVE-2018-20673 | | 8.3.1-5.1.el8 | | libiberty: Integer overflow in | | | | | | | demangle_template() function | + +------------------+----------+ +---------------+-------------------------------------+ | | CVE-2018-20657 | LOW | | | libiberty: Memory leak in | | | | | | | demangle_template function | | | | | | | resulting in a denial of | | | | | | | service... | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2019-14250 | | | | binutils: integer overflow in | | | | | | | simple-object-elf.c leads to a | | | | | | | heap-based buffer overflow | +------------------------+------------------+----------+-----------------------------------------------------+---------------+-------------------------------------+ | libjpeg-turbo | CVE-2019-2201 | MEDIUM | 1.5.3-10.el8 | | libjpeg-turbo: several integer | | | | | | | overflows and subsequent | | | | | | | segfaults when attempting | | | | | | | to compress/decompress | | | | | | | gigapixel... 
| + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-13790 | | | | libjpeg-turbo: heap-based | | | | | | | buffer over-read in | | | | | | | get_rgb_row() in rdppm.c | +------------------------+------------------+----------+-----------------------------------------------------+---------------+-------------------------------------+ | libpng | CVE-2019-7317 | LOW | 2:1.6.34-5.el8 | | libpng: use-after-free in | | | | | | | png_image_free in png.c | +------------------------+ + + +---------------+ + | libpng-devel | | | | | | | | | | | | | +------------------------+------------------+----------+-----------------------------------------------------+---------------+-------------------------------------+ | libproxy | CVE-2020-25219 | MEDIUM | 0.4.15-5.2.el8 | | libproxy: uncontrolled | | | | | | | recursion via an infinite | | | | | | | stream response leading to | | | | | | | stack exhaustion... | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-26154 | | | | libproxy: sending more than | | | | | | | 102400 bytes in PAC without a | | | | | | | Content-Length present... 
| +------------------------+------------------+----------+-----------------------------------------------------+---------------+-------------------------------------+ | libssh | CVE-2020-16135 | LOW | 0.9.4-2.el8 | | libssh: NULL pointer | | | | | | | dereference in sftpserver.c if | | | | | | | ssh_buffer_new returns NULL | +------------------------+ + + +---------------+ + | libssh-config | | | | | | | | | | | | | | | | | | | | +------------------------+------------------+----------+-----------------------------------------------------+---------------+-------------------------------------+ | libstdc++ | CVE-2018-20673 | MEDIUM | 8.3.1-5.1.el8 | | libiberty: Integer overflow in | | | | | | | demangle_template() function | + +------------------+----------+ +---------------+-------------------------------------+ | | CVE-2018-20657 | LOW | | | libiberty: Memory leak in | | | | | | | demangle_template function | | | | | | | resulting in a denial of | | | | | | | service... | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2019-14250 | | | | binutils: integer overflow in | | | | | | | simple-object-elf.c leads to a | | | | | | | heap-based buffer overflow | +------------------------+------------------+ +-----------------------------------------------------+---------------+-------------------------------------+ | libtasn1 | CVE-2018-1000654 | | 4.13-3.el8 | | libtasn1: Infinite loop in | | | | | | | _asn1_expand_object_id(ptree) | | | | | | | leads to memory exhaustion | +------------------------+------------------+----------+-----------------------------------------------------+---------------+-------------------------------------+ | libtiff | CVE-2017-17095 | MEDIUM | 4.0.9-18.el8 | | libtiff: Heap-based buffer | | | | | | | overflow in tools/pal2rgb.c | | | | | | | can lead to denial of | | | | | | | service... 
| + +------------------+ + +---------------+-------------------------------------+ | | CVE-2018-15209 | | | | libtiff: Heap-based | | | | | | | buffer overflow in | | | | | | | ChopUpSingleUncompressedStrip | | | | | | | in tif_dirread.c | + +------------------+ + +---------------+ + | | CVE-2018-16335 | | | | | | | | | | | | | | | | | | | | | | | | | | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-35523 | | | | libtiff: Integer overflow in | | | | | | | tif_getimage.c | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-35524 | | | | libtiff: Heap-based buffer | | | | | | | overflow in TIFF2PDF tool | + +------------------+----------+ +---------------+-------------------------------------+ | | CVE-2018-10779 | LOW | | | libtiff: heap-based buffer | | | | | | | over-read in TIFFWriteScanline | | | | | | | function in tif_write.c | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2018-10801 | | | | libtiff: memory leak in | | | | | | | bmp2tiff tool | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2018-17101 | | | | libtiff: Two out-of-bounds | | | | | | | writes in cpTags in | | | | | | | tools/tiff2bw.c and | | | | | | | tools/pal2rgb.c | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2018-19210 | | | | libtiff: NULL pointer | | | | | | | dereference in | | | | | | | TIFFWriteDirectorySec function | | | | | | | in tif_dirwrite.c | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2018-5360 | | | | LibTIFF: heap-based buffer | | | | | | | over-read in the ReadTIFFImage | | | | | | | function in coders/tiff.c | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2019-6128 | | | | libtiff: memory leak in | | | | | | | TIFFFdOpen function in | | | | | | | tif_unix.c when using 
pal2rgb | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-35521 | | | | libtiff: Memory allocation | | | | | | | failure in tiff2rgba | + +------------------+ + +---------------+ + | | CVE-2020-35522 | | | | | | | | | | | | +------------------------+------------------+----------+-----------------------------------------------------+---------------+-------------------------------------+ | libxml2 | CVE-2020-24977 | MEDIUM | 2.9.7-8.el8 | | libxml2: Buffer overflow | | | | | | | vulnerability in | | | | | | | xmlEncodeEntitiesInternal() in | | | | | | | entities.c | +------------------------+------------------+----------+-----------------------------------------------------+---------------+-------------------------------------+ | libzstd | CVE-2021-24032 | LOW | 1.4.4-1.el8 | | zstd: Race condition | | | | | | | allows attacker to access | | | | | | | world-readable destination | | | | | | | file | +------------------------+------------------+----------+-----------------------------------------------------+---------------+-------------------------------------+ | lua-libs | CVE-2020-15945 | MEDIUM | 5.3.4-11.el8 | | lua: segmentation fault in | | | | | | | changedline in ldebug.c | + +------------------+----------+ +---------------+-------------------------------------+ | | CVE-2020-24370 | LOW | | | lua: segmentation fault | | | | | | | in getlocal and setlocal | | | | | | | functions in ldebug.c | +------------------------+------------------+----------+-----------------------------------------------------+---------------+-------------------------------------+ | lz4-libs | CVE-2019-17543 | MEDIUM | 1.8.3-2.el8 | | lz4: heap-based buffer | | | | | | | overflow in LZ4_write32 | +------------------------+------------------+ +-----------------------------------------------------+---------------+-------------------------------------+ | mesa-libEGL | CVE-2019-5068 | | 20.1.4-1.el8 | | mesa: security bypass in 3D | | | | | | | 
library graphics | +------------------------+ + + +---------------+ + | mesa-libGL | | | | | | | | | | | | | +------------------------+ + + +---------------+ + | mesa-libgbm | | | | | | | | | | | | | +------------------------+ + + +---------------+ + | mesa-libglapi | | | | | | | | | | | | | +------------------------+ + + +---------------+ + | mesa-vulkan-drivers | | | | | | | | | | | | | +------------------------+------------------+ +-----------------------------------------------------+---------------+-------------------------------------+ | ncurses | CVE-2019-17594 | | 6.1-7.20180224.el8 | | ncurses: heap-based buffer | | | | | | | overflow in the _nc_find_entry | | | | | | | function in tinfo/comp_hash.c | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2019-17595 | | | | ncurses: heap-based buffer | | | | | | | overflow in the fmt_entry | | | | | | | function in tinfo/comp_hash.c | + +------------------+----------+ +---------------+-------------------------------------+ | | CVE-2018-19211 | LOW | | | ncurses: Null pointer | | | | | | | dereference at function | | | | | | | _nc_parse_entry in | | | | | | | parse_entry.c | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2018-19217 | | | | ncurses: Null pointer | | | | | | | dereference at function | | | | | | | _nc_name_match | +------------------------+------------------+----------+ +---------------+-------------------------------------+ | ncurses-base | CVE-2019-17594 | MEDIUM | | | ncurses: heap-based buffer | | | | | | | overflow in the _nc_find_entry | | | | | | | function in tinfo/comp_hash.c | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2019-17595 | | | | ncurses: heap-based buffer | | | | | | | overflow in the fmt_entry | | | | | | | function in tinfo/comp_hash.c | + +------------------+----------+ +---------------+-------------------------------------+ | | CVE-2018-19211 | LOW | 
| | ncurses: Null pointer | | | | | | | dereference at function | | | | | | | _nc_parse_entry in | | | | | | | parse_entry.c | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2018-19217 | | | | ncurses: Null pointer | | | | | | | dereference at function | | | | | | | _nc_name_match | +------------------------+------------------+----------+ +---------------+-------------------------------------+ | ncurses-libs | CVE-2019-17594 | MEDIUM | | | ncurses: heap-based buffer | | | | | | | overflow in the _nc_find_entry | | | | | | | function in tinfo/comp_hash.c | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2019-17595 | | | | ncurses: heap-based buffer | | | | | | | overflow in the fmt_entry | | | | | | | function in tinfo/comp_hash.c | + +------------------+----------+ +---------------+-------------------------------------+ | | CVE-2018-19211 | LOW | | | ncurses: Null pointer | | | | | | | dereference at function | | | | | | | _nc_parse_entry in | | | | | | | parse_entry.c | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2018-19217 | | | | ncurses: Null pointer | | | | | | | dereference at function | | | | | | | _nc_name_match | +------------------------+------------------+ +-----------------------------------------------------+---------------+-------------------------------------+ | nodejs | CVE-2017-15897 | | 1:10.24.0-1.module+el8.3.0+10166+b07ac28e | | nodejs: Unitialized buffer due | | | | | | | to incorrect encoding | +------------------------+ + + +---------------+ + | nodejs-full-i18n | | | | | | | | | | | | | +------------------------+ + +-----------------------------------------------------+---------------+ + | npm | | | 1:6.14.11-1.10.24.0.1.module+el8.3.0+10166+b07ac28e | | | | | | | | | | 
+------------------------+------------------+----------+-----------------------------------------------------+---------------+-------------------------------------+ | nss | CVE-2020-12399 | MEDIUM | 3.53.1-17.el8_3 | | nss: Timing attack on DSA | | | | | | | signature generation | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-12401 | | | | nss: ECDSA timing attack | | | | | | | mitigation bypass | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-25648 | | | | nss: TLS 1.3 CCS flood remote | | | | | | | DoS Attack | + +------------------+----------+ +---------------+-------------------------------------+ | | CVE-2020-12413 | LOW | | | nss: Information exposure when | | | | | | | DH secret are reused across | | | | | | | multiple TLS connections... | +------------------------+------------------+----------+ +---------------+-------------------------------------+ | nss-softokn | CVE-2020-12399 | MEDIUM | | | nss: Timing attack on DSA | | | | | | | signature generation | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-12401 | | | | nss: ECDSA timing attack | | | | | | | mitigation bypass | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-25648 | | | | nss: TLS 1.3 CCS flood remote | | | | | | | DoS Attack | + +------------------+----------+ +---------------+-------------------------------------+ | | CVE-2020-12413 | LOW | | | nss: Information exposure when | | | | | | | DH secret are reused across | | | | | | | multiple TLS connections... 
| +------------------------+------------------+----------+ +---------------+-------------------------------------+ | nss-softokn-freebl | CVE-2020-12399 | MEDIUM | | | nss: Timing attack on DSA | | | | | | | signature generation | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-12401 | | | | nss: ECDSA timing attack | | | | | | | mitigation bypass | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-25648 | | | | nss: TLS 1.3 CCS flood remote | | | | | | | DoS Attack | + +------------------+----------+ +---------------+-------------------------------------+ | | CVE-2020-12413 | LOW | | | nss: Information exposure when | | | | | | | DH secret are reused across | | | | | | | multiple TLS connections... | +------------------------+------------------+----------+ +---------------+-------------------------------------+ | nss-sysinit | CVE-2020-12399 | MEDIUM | | | nss: Timing attack on DSA | | | | | | | signature generation | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-12401 | | | | nss: ECDSA timing attack | | | | | | | mitigation bypass | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-25648 | | | | nss: TLS 1.3 CCS flood remote | | | | | | | DoS Attack | + +------------------+----------+ +---------------+-------------------------------------+ | | CVE-2020-12413 | LOW | | | nss: Information exposure when | | | | | | | DH secret are reused across | | | | | | | multiple TLS connections... 
| +------------------------+------------------+----------+ +---------------+-------------------------------------+ | nss-util | CVE-2020-12399 | MEDIUM | | | nss: Timing attack on DSA | | | | | | | signature generation | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-12401 | | | | nss: ECDSA timing attack | | | | | | | mitigation bypass | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-25648 | | | | nss: TLS 1.3 CCS flood remote | | | | | | | DoS Attack | + +------------------+----------+ +---------------+-------------------------------------+ | | CVE-2020-12413 | LOW | | | nss: Information exposure when | | | | | | | DH secret are reused across | | | | | | | multiple TLS connections... | +------------------------+------------------+----------+-----------------------------------------------------+---------------+-------------------------------------+ | oniguruma | CVE-2019-13224 | MEDIUM | 6.8.2-2.el8 | | oniguruma: Use-after-free in | | | | | | | onig_new_deluxe() in regext.c | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2019-16163 | | | | oniguruma: Stack exhaustion in | | | | | | | regcomp.c because of recursion | | | | | | | in regparse.c | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2019-19012 | | | | oniguruma: integer overflow | | | | | | | in search_in_range function | | | | | | | in regexec.c leads to | | | | | | | out-of-bounds read... 
| + +------------------+ + +---------------+-------------------------------------+ | | CVE-2019-19203 | | | | oniguruma: Heap-based | | | | | | | buffer over-read in function | | | | | | | gb18030_mbc_enc_len in file | | | | | | | gb18030.c | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2019-19204 | | | | oniguruma: Heap-based | | | | | | | buffer over-read in function | | | | | | | fetch_interval_quantifier in | | | | | | | regparse.c | + +------------------+----------+ +---------------+-------------------------------------+ | | CVE-2019-19246 | LOW | | | oniguruma: Heap-based | | | | | | | buffer overflow in | | | | | | | str_lower_case_match in | | | | | | | regexec.c | +------------------------+------------------+----------+-----------------------------------------------------+---------------+-------------------------------------+ | openssh | CVE-2020-14145 | MEDIUM | 8.0p1-5.el8 | | openssh: Observable | | | | | | | Discrepancy leading to an | | | | | | | information leak in the | | | | | | | algorithm negotiation... | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-15778 | | | | openssh: scp allows command | | | | | | | injection when using | | | | | | | backtick characters in the | | | | | | | destination... | + +------------------+----------+ +---------------+-------------------------------------+ | | CVE-2018-15919 | LOW | | | openssh: User enumeration | | | | | | | via malformed packets in | | | | | | | authentication requests | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2019-6110 | | | | openssh: Acceptance and | | | | | | | display of arbitrary stderr | | | | | | | allows for spoofing of scp... 
| +------------------------+------------------+----------+ +---------------+-------------------------------------+ | openssh-clients | CVE-2020-14145 | MEDIUM | | | openssh: Observable | | | | | | | Discrepancy leading to an | | | | | | | information leak in the | | | | | | | algorithm negotiation... | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-15778 | | | | openssh: scp allows command | | | | | | | injection when using | | | | | | | backtick characters in the | | | | | | | destination... | + +------------------+----------+ +---------------+-------------------------------------+ | | CVE-2018-15919 | LOW | | | openssh: User enumeration | | | | | | | via malformed packets in | | | | | | | authentication requests | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2019-6110 | | | | openssh: Acceptance and | | | | | | | display of arbitrary stderr | | | | | | | allows for spoofing of scp... | +------------------------+------------------+----------+-----------------------------------------------------+---------------+-------------------------------------+ | openssl | CVE-2021-23840 | MEDIUM | 1:1.1.1g-15.el8_3 | | openssl: integer overflow in | | | | | | | CipherUpdate | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2021-23841 | | | | openssl: NULL pointer | | | | | | | dereference in | | | | | | | X509_issuer_and_serial_hash() | +------------------------+------------------+ + +---------------+-------------------------------------+ | openssl-libs | CVE-2021-23840 | | | | openssl: integer overflow in | | | | | | | CipherUpdate | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2021-23841 | | | | openssl: NULL pointer | | | | | | | dereference in | | | | | | | X509_issuer_and_serial_hash() | +------------------------+------------------+ 
+-----------------------------------------------------+---------------+-------------------------------------+ | p11-kit | CVE-2020-29361 | | 0.23.14-5.el8_0 | | p11-kit: integer overflow when | | | | | | | allocating memory for arrays | | | | | | | or attributes and object... | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-29362 | | | | p11-kit: out-of-bounds read in | | | | | | | p11_rpc_buffer_get_byte_array | | | | | | | function in rpc-message.c | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-29363 | | | | p11-kit: out-of-bounds write in | | | | | | | p11_rpc_buffer_get_byte_array_value | | | | | | | function in rpc-message.c | +------------------------+------------------+ + +---------------+-------------------------------------+ | p11-kit-trust | CVE-2020-29361 | | | | p11-kit: integer overflow when | | | | | | | allocating memory for arrays | | | | | | | or attributes and object... | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-29362 | | | | p11-kit: out-of-bounds read in | | | | | | | p11_rpc_buffer_get_byte_array | | | | | | | function in rpc-message.c | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-29363 | | | | p11-kit: out-of-bounds write in | | | | | | | p11_rpc_buffer_get_byte_array_value | | | | | | | function in rpc-message.c | +------------------------+------------------+----------+-----------------------------------------------------+---------------+-------------------------------------+ | pcre | CVE-2019-20838 | LOW | 8.42-4.el8 | | pcre: buffer over-read in JIT | | | | | | | when UTF is disabled | + +------------------+ + +---------------+-------------------------------------+ | | CVE-2020-14155 | | | | pcre: integer overflow in | | | | | | | libpcre | +------------------------+------------------+ + +---------------+-------------------------------------+ | 
LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE
pcre-cpp | CVE-2019-20838 | | | | pcre: buffer over-read in JIT when UTF is disabled
pcre-cpp | CVE-2020-14155 | | | | pcre: integer overflow in libpcre
pcre-devel | CVE-2019-20838 | | | | pcre: buffer over-read in JIT when UTF is disabled
pcre-devel | CVE-2020-14155 | | | | pcre: integer overflow in libpcre
pcre-utf16 | CVE-2019-20838 | | | | pcre: buffer over-read in JIT when UTF is disabled
pcre-utf16 | CVE-2020-14155 | | | | pcre: integer overflow in libpcre
pcre-utf32 | CVE-2019-20838 | | | | pcre: buffer over-read in JIT when UTF is disabled
pcre-utf32 | CVE-2020-14155 | | | | pcre: integer overflow in libpcre
perl-Errno | CVE-2020-10543 | MEDIUM | 1.28-417.el8_3 | | perl: heap-based buffer overflow in regular expression compiler leads to DoS
perl-Errno | CVE-2020-10878 | MEDIUM | 1.28-417.el8_3 | | perl: corruption of intermediate language state of compiled regular expression due to...
perl-Git | CVE-2018-1000021 | MEDIUM | 2.27.0-1.el8 | | git: client prints server-sent ANSI escape codes to the terminal, allowing for...
perl-Git | CVE-2021-21300 | MEDIUM | 2.27.0-1.el8 | | git: remote code execution during clone operation on case-insensitive filesystems
perl-IO | CVE-2020-10543 | MEDIUM | 1.38-417.el8_3 | | perl: heap-based buffer overflow in regular expression compiler leads to DoS
perl-IO | CVE-2020-10878 | MEDIUM | 1.38-417.el8_3 | | perl: corruption of intermediate language state of compiled regular expression due to...
perl-interpreter | CVE-2020-10543 | MEDIUM | 4:5.26.3-417.el8_3 | | perl: heap-based buffer overflow in regular expression compiler leads to DoS
perl-interpreter | CVE-2020-10878 | MEDIUM | 4:5.26.3-417.el8_3 | | perl: corruption of intermediate language state of compiled regular expression due to...
perl-libs | CVE-2020-10543 | MEDIUM | 4:5.26.3-417.el8_3 | | perl: heap-based buffer overflow in regular expression compiler leads to DoS
perl-libs | CVE-2020-10878 | MEDIUM | 4:5.26.3-417.el8_3 | | perl: corruption of intermediate language state of compiled regular expression due to...
perl-macros | CVE-2020-10543 | MEDIUM | 4:5.26.3-417.el8_3 | | perl: heap-based buffer overflow in regular expression compiler leads to DoS
perl-macros | CVE-2020-10878 | MEDIUM | 4:5.26.3-417.el8_3 | | perl: corruption of intermediate language state of compiled regular expression due to...
platform-python | CVE-2020-26116 | MEDIUM | 3.6.8-31.el8 | | python: CRLF injection via HTTP request method in httplib/http.client
platform-python | CVE-2020-27619 | MEDIUM | 3.6.8-31.el8 | | python: Python 3 eval of http resources during test suite runs
platform-python | CVE-2021-23336 | MEDIUM | 3.6.8-31.el8 | | python: Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon...
platform-python | CVE-2021-3177 | MEDIUM | 3.6.8-31.el8 | | python: stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c
platform-python | CVE-2021-3426 | MEDIUM | 3.6.8-31.el8 | | python: information disclosure via pydoc
platform-python | CVE-2019-9674 | LOW | 3.6.8-31.el8 | | python: Nested zip file (Zip bomb) vulnerability in Lib/zipfile.py
python3-hawkey | CVE-2021-3445 | MEDIUM | 0.48.0-5.el8 | | libdnf: libdnf does its own signature verification, but this can be tricked...
python3-libdnf | CVE-2021-3445 | MEDIUM | 0.48.0-5.el8 | | libdnf: libdnf does its own signature verification, but this can be tricked...
python3-libs | CVE-2020-26116 | MEDIUM | 3.6.8-31.el8 | | python: CRLF injection via HTTP request method in httplib/http.client
python3-libs | CVE-2020-27619 | MEDIUM | 3.6.8-31.el8 | | python: Python 3 eval of http resources during test suite runs
python3-libs | CVE-2021-23336 | MEDIUM | 3.6.8-31.el8 | | python: Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon...
python3-libs | CVE-2021-3177 | MEDIUM | 3.6.8-31.el8 | | python: stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c
python3-libs | CVE-2021-3426 | MEDIUM | 3.6.8-31.el8 | | python: information disclosure via pydoc
python3-libs | CVE-2019-9674 | LOW | 3.6.8-31.el8 | | python: Nested zip file (Zip bomb) vulnerability in Lib/zipfile.py
python3-libxml2 | CVE-2020-24977 | MEDIUM | 2.9.7-8.el8 | | libxml2: Buffer overflow vulnerability in xmlEncodeEntitiesInternal() in entities.c
python3-pip-wheel | CVE-2018-20225 | LOW | 9.0.3-18.el8 | | python-pip: when --extra-index-url option is used and package does not already exist...
python3-rpm | CVE-2021-20271 | MEDIUM | 4.14.3-4.el8 | | rpm: Signature checks bypass via corrupted rpm package
python3-rpm | CVE-2021-3421 | MEDIUM | 4.14.3-4.el8 | | rpm: unsigned signature header leads to string injection into an rpm database...
python3-rpm | CVE-2021-20266 | LOW | 4.14.3-4.el8 | | rpm: missing length checks in hdrblobInit()
python3-urllib3 | CVE-2020-26137 | MEDIUM | 1.24.2-4.el8 | | python-urllib3: CRLF injection via HTTP request method
rpm | CVE-2021-20271 | MEDIUM | 4.14.3-4.el8 | | rpm: Signature checks bypass via corrupted rpm package
rpm | CVE-2021-3421 | MEDIUM | 4.14.3-4.el8 | | rpm: unsigned signature header leads to string injection into an rpm database...
rpm | CVE-2021-20266 | LOW | 4.14.3-4.el8 | | rpm: missing length checks in hdrblobInit()
rpm-build-libs | CVE-2021-20271 | MEDIUM | 4.14.3-4.el8 | | rpm: Signature checks bypass via corrupted rpm package
rpm-build-libs | CVE-2021-3421 | MEDIUM | 4.14.3-4.el8 | | rpm: unsigned signature header leads to string injection into an rpm database...
rpm-build-libs | CVE-2021-20266 | LOW | 4.14.3-4.el8 | | rpm: missing length checks in hdrblobInit()
rpm-libs | CVE-2021-20271 | MEDIUM | 4.14.3-4.el8 | | rpm: Signature checks bypass via corrupted rpm package
rpm-libs | CVE-2021-3421 | MEDIUM | 4.14.3-4.el8 | | rpm: unsigned signature header leads to string injection into an rpm database...
rpm-libs | CVE-2021-20266 | LOW | 4.14.3-4.el8 | | rpm: missing length checks in hdrblobInit()
sqlite-libs | CVE-2019-5827 | HIGH | 3.26.0-11.el8 | | chromium-browser: out-of-bounds access in SQLite
sqlite-libs | CVE-2019-13750 | MEDIUM | 3.26.0-11.el8 | | sqlite: dropping of shadow tables not restricted in defensive mode
sqlite-libs | CVE-2019-13751 | MEDIUM | 3.26.0-11.el8 | | sqlite: fts3: improve detection of corrupted records
sqlite-libs | CVE-2019-19603 | MEDIUM | 3.26.0-11.el8 | | sqlite: mishandles certain SELECT statements with a nonexistent VIEW, leading to DoS...
sqlite-libs | CVE-2019-19645 | MEDIUM | 3.26.0-11.el8 | | sqlite: infinite recursion via certain types of self-referential views in conjunction with...
sqlite-libs | CVE-2019-19880 | MEDIUM | 3.26.0-11.el8 | | sqlite: invalid pointer dereference in exprListAppendList in window.c
sqlite-libs | CVE-2020-13434 | MEDIUM | 3.26.0-11.el8 | | sqlite: integer overflow in sqlite3_str_vappendf function in printf.c
sqlite-libs | CVE-2020-13435 | MEDIUM | 3.26.0-11.el8 | | sqlite: NULL pointer dereference leads to segmentation fault in sqlite3ExprCodeTarget in expr.c...
sqlite-libs | CVE-2020-15358 | MEDIUM | 3.26.0-11.el8 | | sqlite: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization...
sqlite-libs | CVE-2019-19244 | LOW | 3.26.0-11.el8 | | sqlite: allows a crash if a sub-select uses both DISTINCT and window...
sqlite-libs | CVE-2019-9936 | LOW | 3.26.0-11.el8 | | sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.c
sqlite-libs | CVE-2019-9937 | LOW | 3.26.0-11.el8 | | sqlite: null-pointer dereference in function fts5ChunkIterate in sqlite3.c
systemd | CVE-2018-20839 | MEDIUM | 239-41.el8_3.2 | | systemd: mishandling of the current keyboard mode check leading to passwords being...
systemd | CVE-2019-3842 | MEDIUM | 239-41.el8_3.2 | | systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active"...
systemd | CVE-2020-13776 | MEDIUM | 239-41.el8_3.2 | | systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by...
systemd-libs | CVE-2018-20839 | MEDIUM | 239-41.el8_3.2 | | systemd: mishandling of the current keyboard mode check leading to passwords being...
systemd-libs | CVE-2019-3842 | MEDIUM | 239-41.el8_3.2 | | systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active"...
systemd-libs | CVE-2020-13776 | MEDIUM | 239-41.el8_3.2 | | systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by...
systemd-pam | CVE-2018-20839 | MEDIUM | 239-41.el8_3.2 | | systemd: mishandling of the current keyboard mode check leading to passwords being...
systemd-pam | CVE-2019-3842 | MEDIUM | 239-41.el8_3.2 | | systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active"...
systemd-pam | CVE-2020-13776 | MEDIUM | 239-41.el8_3.2 | | systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by...
tar | CVE-2021-20193 | MEDIUM | 2:1.30-5.el8 | | tar: Memory leak in read_header() in list.c
tar | CVE-2019-9923 | LOW | 2:1.30-5.el8 | | tar: null-pointer dereference in pax_decode_header in sparse.c
vim-minimal | CVE-2018-20786 | LOW | 2:8.0.1763-15.el8 | | libvterm: NULL pointer dereference in vterm_screen_set_callbacks
xdg-utils | CVE-2020-27748 | MEDIUM | 1.1.2-5.el8 | | xdg-utils: local file inclusion vulnerability
xorg-x11-server-Xvfb | CVE-2020-14345 | HIGH | 1.20.8-6.1.el8_3 | | xorg-x11-server: Out-of-bounds access in XkbSetNames function
xorg-x11-server-Xvfb | CVE-2020-14346 | HIGH | 1.20.8-6.1.el8_3 | | xorg-x11-server: Integer underflow in the X input extension protocol
xorg-x11-server-Xvfb | CVE-2020-14360 | HIGH | 1.20.8-6.1.el8_3 | | xorg-x11-server: Out-of-bounds access in XkbSetMap function
xorg-x11-server-Xvfb | CVE-2020-14361 | HIGH | 1.20.8-6.1.el8_3 | | xorg-x11-server: XkbSelectEvents integer underflow privilege escalation vulnerability
xorg-x11-server-Xvfb | CVE-2020-14362 | HIGH | 1.20.8-6.1.el8_3 | | xorg-x11-server: XRecordRegisterClients integer underflow privilege escalation vulnerability
xorg-x11-server-Xvfb | CVE-2020-25712 | HIGH | 1.20.8-6.1.el8_3 | | xorg-x11-server: XkbSetDeviceInfo heap-based buffer overflow privilege escalation vulnerability
xorg-x11-server-Xvfb | CVE-2021-3472 | HIGH | 1.20.8-6.1.el8_3 | | xorg-x11-server: XChangeFeedbackControl integer underflow leads to privilege escalation
xorg-x11-server-Xvfb | CVE-2020-14347 | MEDIUM | 1.20.8-6.1.el8_3 | | xorg-x11-server: Leak of uninitialized heap memory from the X server to clients...
xorg-x11-server-Xvfb | CVE-2020-25697 | MEDIUM | 1.20.8-6.1.el8_3 | | xorg-x11-server: local privilege escalation
xorg-x11-server-common | CVE-2020-14345 | HIGH | 1.20.8-6.1.el8_3 | | xorg-x11-server: Out-of-bounds access in XkbSetNames function
xorg-x11-server-common | CVE-2020-14346 | HIGH | 1.20.8-6.1.el8_3 | | xorg-x11-server: Integer underflow in the X input extension protocol
xorg-x11-server-common | CVE-2020-14360 | HIGH | 1.20.8-6.1.el8_3 | | xorg-x11-server: Out-of-bounds access in XkbSetMap function
xorg-x11-server-common | CVE-2020-14361 | HIGH | 1.20.8-6.1.el8_3 | | xorg-x11-server: XkbSelectEvents integer underflow privilege escalation vulnerability
xorg-x11-server-common | CVE-2020-14362 | HIGH | 1.20.8-6.1.el8_3 | | xorg-x11-server: XRecordRegisterClients integer underflow privilege escalation vulnerability
xorg-x11-server-common | CVE-2020-25712 | HIGH | 1.20.8-6.1.el8_3 | | xorg-x11-server: XkbSetDeviceInfo heap-based buffer overflow privilege escalation vulnerability
xorg-x11-server-common | CVE-2021-3472 | HIGH | 1.20.8-6.1.el8_3 | | xorg-x11-server: XChangeFeedbackControl integer underflow leads to privilege escalation
xorg-x11-server-common | CVE-2020-14347 | MEDIUM | 1.20.8-6.1.el8_3 | | xorg-x11-server: Leak of uninitialized heap memory from the X server to clients...
xorg-x11-server-common | CVE-2020-25697 | MEDIUM | 1.20.8-6.1.el8_3 | | xorg-x11-server: local privilege escalation

package-lock.json
=================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

$ trivy --no-progress -f json -o gl-container-scanning-report.json --input /image
2021-04-28T15:53:58.003Z INFO Detecting RHEL/CentOS vulnerabilities...
2021-04-28T15:53:58.009Z INFO Detecting npm vulnerabilities...
$ echo "This scan is currently only implemented for awareness, no pipeline actions are taken as a result of the scans"
This scan is currently only implemented for awareness, no pipeline actions are taken as a result of the scans
section_end:1619625238:step_script
section_start:1619625238:upload_artifacts_on_success
Uploading artifacts for successful job
Uploading artifacts...
gl-container-scanning-report.json: found 1 matching files and directories
Uploading artifacts as "container_scanning" to coordinator... ok id=2991537 responseStatus=201 Created token=g9nsDues
section_end:1619625238:upload_artifacts_on_success
section_start:1619625238:cleanup_file_variables
Cleaning up file based variables
section_end:1619625239:cleanup_file_variables
Job succeeded