codedx_xml/cdx1.xml

<?xml version='1.0' encoding='utf-8'?>
<report date="2020-05-16T15:00:15.505377"><findings><finding severity="high" type="Network"><description format="plain-text">(CIS_Docker_CE_v1.1.0 - 1.4) Only allow trusted users to control Docker daemon</description><location path="" type="url" /><tool category="host_config" code="16" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /></metadata></finding><finding severity="high" type="Network"><description format="plain-text">(CIS_Docker_CE_v1.1.0 - 2.1) Restrict network traffic between containers</description><location path="" type="url" /><tool category="daemon_config" code="21" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /></metadata></finding><finding severity="high" type="Network"><description format="plain-text">(CIS_Docker_CE_v1.1.0 - 2.8) Enable user namespace support</description><location path="" type="url" /><tool category="daemon_config" code="28" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /></metadata></finding><finding severity="high" type="Network"><description format="plain-text">(CIS_Docker_CE_v1.1.0 - 2.11) Use authorization plugin</description><location path="" type="url" /><tool category="daemon_config" code="211" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package 
Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /></metadata></finding><finding severity="high" type="Network"><description format="plain-text">(CIS_Docker_CE_v1.1.0 - 2.18) Ensure containers are restricted from acquiring new privileges</description><location path="" type="url" /><tool category="daemon_config" code="224" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /></metadata></finding><finding severity="high" type="Network"><description format="plain-text">(CIS_Linux_1.1.0 - 3.2.1) Ensure source routed packets are not accepted</description><location path="" type="url" /><tool category="linux" code="6321" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /></metadata></finding><finding severity="high" type="Network"><description format="plain-text">(CIS_Linux_1.1.0 - 1.5.1) Ensure core dumps are restricted</description><location path="" type="url" /><tool category="linux" code="6151" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /></metadata></finding><finding severity="high" type="Network"><description format="plain-text">(CIS_Linux_1.1.0 - 5.2.1) Ensure permissions on /etc/ssh/sshd_config are configured</description><location path="" type="url" /><tool category="linux" code="6521" name="Twistlock" 
/><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /></metadata></finding><finding severity="high" type="Network"><description format="plain-text">(CIS_Linux_1.1.0 - 5.2.8) Ensure SSH root login is disabled</description><location path="" type="url" /><tool category="linux" code="6528" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /></metadata></finding><finding severity="high" type="Network"><description format="plain-text">(CIS_Linux_1.1.0 - 4.1.15) Ensure changes to system administration scope (sudoers) is collected</description><location path="" type="url" /><tool category="linux" code="64115" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /></metadata></finding><finding severity="high" type="Network"><description format="plain-text">(CIS_Linux_1.1.0 - 4.1.17) Ensure kernel module loading and unloading is collected</description><location path="" type="url" /><tool category="linux" code="64117" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /></metadata></finding><finding severity="high" type="Network"><description format="plain-text">(CIS_Linux_1.1.0 - 4.1.17) Ensure kernel module loading and unloading is 
collected</description><location path="" type="url" /><tool category="linux" code="64117" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /></metadata></finding><finding severity="high" type="Network"><description format="plain-text">(CIS_Linux_1.1.0 - 4.1.13) Ensure successful file system mounts are collected</description><location path="" type="url" /><tool category="linux" code="641113" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /></metadata></finding><finding severity="high" type="Network"><description format="plain-text">(CIS_Linux_1.1.0 - 4.1.18) Ensure the audit configuration is immutable</description><location path="" type="url" /><tool category="linux" code="64118" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /></metadata></finding><finding severity="high" type="Network"><description format="plain-text">(CIS_Linux_1.1.0 - 1.4.1) Ensure permissions on bootloader config are configured</description><location path="" type="url" /><tool category="linux" code="6141" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /></metadata></finding><finding severity="high" type="Network"><description 
format="plain-text">(CIS_Linux_1.1.0 - 1.4.1) Ensure permissions on bootloader config are configured</description><location path="" type="url" /><tool category="linux" code="6141" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /></metadata></finding><finding severity="high" type="Network"><description format="plain-text">(CIS_Linux_1.1.0 - 6.2.10) Ensure users' dot files are not group or world writable</description><location path="" type="url" /><tool category="linux" code="66210" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /></metadata></finding><finding severity="high" type="Network"><description format="plain-text">(CIS_Linux_1.1.0 - 6.2.7) Ensure all users' home directories exist</description><location path="" type="url" /><tool category="linux" code="6627" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /></metadata></finding><finding severity="high" type="Network"><description format="plain-text">(CIS_Linux_1.1.0 - 6.2.8) Ensure users' home directories permissions are 750 or more restrictive</description><location path="" type="url" /><tool category="linux" code="6628" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" 
/><value key="Vendor Status" /></metadata></finding><finding severity="high" type="Network"><description format="plain-text">(CIS_Linux_1.1.0 - 5.1.8) Ensure at/cron is restricted to authorized users</description><location path="" type="url" /><tool category="linux" code="6518" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /></metadata></finding><finding severity="low" type="Network"><description format="plain-text">tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="16808" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">tcpdump</value><value key="Package Version">4.9.2-3</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="19519" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">tcpdump</value><value key="Package Version">4.9.2-3</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Byobu 
Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="7306" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">byobu</value><value key="Package Version">5.125-0ubuntu1</value><value key="Package License">GPL-3</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="0881" year="2012" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">libxerces2-java</value><value key="Package Version">2.11.0-8</value><value key="Package License">Apache-2.0</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="0816" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.10</value><value key="Package 
Name">cloud-init</value><value key="Package Version">18.4-0ubuntu1~16.04.2</value><value key="Package License">GPL-3 or Apache-2.0</value><value key="Vendor Status">fixed in 18.5-45-g3554ffe8-0ubuntu1~18.04.1</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="20482" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">4.70</value><value key="Package Name">tar</value><value key="Package Version">1.29b-2ubuntu0.1</value><value key="Package License">GPL-3</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="2781" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">coreutils</value><value key="Package Version">8.28-1ubuntu1</value><value key="Package License">GPL-3</value><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">A heap-based buffer overflow exists in Info-Zip UnZip version 
&lt;= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1000035" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">unzip</value><value key="Package Version">6.0-21ubuntu1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="13716" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">deferred</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="6965" year="2017" 
/></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="6966" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. 
It may lead to an information leak as well.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="6969" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.10</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="7209" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="7210" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor 
Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="7223" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="7224" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" 
/><cves><cve sequence-number="7225" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="7226" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.10</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. 
This relates to lack of '\0' termination of a name field in ldlex.l.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="7227" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9038" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9039" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value 
key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9040" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9041" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type 
unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9043" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9044" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9742" year="2017" 
/></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9744" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9745" year="2017" 
/></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during \"objdump -D\" execution.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9746" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. 
NOTE: this may be related to a compiler bug.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9747" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9748" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" 
/><cves><cve sequence-number="9749" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9750" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9751" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package 
Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during \"objdump -D\" execution.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9752" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. 
A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="6323" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="6759" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="6872" year="2018" 
/></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">fixed in 2.30-20ubuntu2~18.04</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9996" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.26.1-1ubuntu1~16.04.7</value><value key="Package License">GPL</value><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="4645" year="2015" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">squashfs-tools</value><value key="Package Version">1:4.3-6ubuntu0.18.04.1</value><value key="Package License">GPL-2+</value><value key="Vendor 
Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="4646" year="2015" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">squashfs-tools</value><value key="Package Version">1:4.3-6ubuntu0.18.04.1</value><value key="Package License">GPL-2+</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of \'*\' characters. 
Remote attackers could leverage this vulnerability to cause a denial-of-service.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="6293" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">flex</value><value key="Package Version">2.6.4-6</value><value key="Package License">GPL-3+</value><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9525" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.70</value><value key="Package Name">cron</value><value key="Package Version">3.0pl1-128.1ubuntu1</value><value key="Package License">GPL-2+</value><value key="Vendor Status">needed</value></metadata></finding><!-- NOTE(review): the next finding (CVE-2019-9755, ntfs-3g) has leftover HTML markup where its description should be, and pairs severity="high" with CVSS 0.00. The zero is presumably a missing score rather than a benign one; confirm against the scanner's own record before ranking or filtering this report by CVSS. --><finding severity="high" type="Network"><description format="plain-text">&lt;div class=\"field field-name-field-cve-details-text field-type-text-long field-label-hidden \"&gt;</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9755" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">ntfs-3g</value><value key="Package Version">1:2015.3.14AR.1-1ubuntu0.1</value><value key="Package License">GPL-2+</value><value key="Vendor Status">fixed in 
1:2017.3.23-2ubuntu0.18.04.1</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="7475" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">cairo (used in libcairo-script-interpreter2, libcairo2, libcairo2-dev, libcairo-gobject2)</value><value key="Package Version">1.15.10-2ubuntu0.1</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9814" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">cairo (used in libcairo-script-interpreter2, libcairo2, libcairo2-dev, libcairo-gobject2)</value><value key="Package Version">1.15.10-2ubuntu0.1</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the 
_cairo_image_spans_and_zero function).</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="18064" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">cairo (used in libcairo-script-interpreter2, libcairo2, libcairo2-dev, libcairo-gobject2)</value><value key="Package Version">1.15.10-2ubuntu0.1</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="6461" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">cairo (used in libcairo-script-interpreter2, libcairo2, libcairo2-dev, libcairo-gobject2)</value><value key="Package Version">1.15.10-2ubuntu0.1</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in cairo 1.16.0. 
There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="6462" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">cairo (used in libcairo-script-interpreter2, libcairo2, libcairo2-dev, libcairo-gobject2)</value><value key="Package Version">1.15.10-2ubuntu0.1</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><!-- NOTE(review): the next finding (CVE-2019-0197, apache2) has leftover HTML markup where its description should be, and its CVSS of 0.00 is presumably a missing score rather than a benign one. Confirm against the scanner's own record so a CVSS threshold does not silently drop it. --><finding severity="low" type="Network"><description format="plain-text">&lt;div class=\"field field-name-field-cve-details-text field-type-text-long field-label-hidden \"&gt;</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="0197" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">apache2 (used in apache2-utils)</value><value key="Package Version">2.4.29-1ubuntu4.6</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/&lt;global pid&gt;/ does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. 
However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc/&lt;global pid&gt;/ does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="6552" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">apport (used in python3-apport, apport)</value><value key="Package Version">2.20.1-0ubuntu2.18</value><value key="Package License" /><value key="Vendor Status">fixed in 2.20.9-0ubuntu7.1</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">In PyYAML before 4.1, the yaml.load() API could execute arbitrary code. 
In other words, yaml.safe_load is not used.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="18342" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">pyyaml (used in python-yaml, python3-yaml)</value><value key="Package Version">3.12-1build2</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal\'s input buffer.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="2568" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">policykit-1 (used in libpolkit-gobject-1-0, libpolkit-agent-1-0, libpolkit-backend-1-0, policykit-1)</value><value key="Package Version">0.105-20ubuntu0.18.04.5</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="14159" year="2017" 
/></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">4.70</value><value key="Package Name">openldap (used in libldap-2.4-2)</value><value key="Package Version">2.4.42+dfsg-2ubuntu3.4</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In all versions of AppArmor mount rules are accidentally widened when compiled.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1585" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">apparmor (used in libapparmor-perl)</value><value key="Package Version">2.10.95-0ubuntu2.10</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="12015" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">perl (used in perl-modules-5.22, perl-base, libperl5.22, perl)</value><value key="Package Version">5.22.1-9ubuntu0.6</value><value key="Package License" /><value key="Vendor Status">fixed in 5.26.1-6ubuntu0.1</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Perl before 5.26.3 and 5.28.x before 5.28.1 
has a buffer overflow via a crafted regular expression that triggers invalid write operations.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="18311" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">perl (used in perl-modules-5.22, perl-base, libperl5.22, perl)</value><value key="Package Version">5.22.1-9ubuntu0.6</value><value key="Package License" /><value key="Vendor Status">fixed in 5.26.1-6ubuntu0.3</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="18312" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">perl (used in perl-modules-5.22, perl-base, libperl5.22, perl)</value><value key="Package Version">5.22.1-9ubuntu0.6</value><value key="Package License" /><value key="Vendor Status">fixed in 5.26.1-6ubuntu0.3</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="18313" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.10</value><value key="Package Name">perl (used in perl-modules-5.22, perl-base, libperl5.22, 
perl)</value><value key="Package Version">5.22.1-9ubuntu0.6</value><value key="Package License" /><value key="Vendor Status">fixed in 5.26.1-6ubuntu0.3</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="18314" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">perl (used in perl-modules-5.22, perl-base, libperl5.22, perl)</value><value key="Package Version">5.22.1-9ubuntu0.6</value><value key="Package License" /><value key="Vendor Status">fixed in 5.26.1-6ubuntu0.3</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Busybox contains a Missing SSL certificate validation vulnerability in The \"busybox wget\" applet that can result in arbitrary code execution. 
This attack appear to be exploitable via Simply download any file over HTTPS using \"busybox wget https://compromised-domain.com/important-file\".</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1000500" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">8.10</value><value key="Package Name">busybox (used in busybox-initramfs, busybox-static)</value><value key="Package Version">1:1.27.2-2ubuntu3.2</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="8845" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">lzo2 (used in liblzo2-2)</value><value key="Package Version">2.08-1.2</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. 
This attack appears to be exploitable when the user interacts with a malicious git server (or has their traffic modified in a MITM attack).</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1000021" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">git (used in git-man, git)</value><value key="Package Version">1:2.17.1-1ubuntu0.4</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this flaw to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="16869" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.70</value><value key="Package Name">nettle (used in libhogweed4, libnettle6)</value><value key="Package Version">3.4-1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="10906" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">8.60</value><value 
key="Package Name">jinja2 (used in python3-jinja2)</value><value key="Package Version">2.10-1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="7960" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">libcroco (used in libcroco3)</value><value key="Package Version">0.6.12-2</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an \"outside the range of representable values of type long\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports \"This is not a security issue in my view. 
The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB components.\"</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="7961" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">libcroco (used in libcroco3)</value><value key="Package Version">0.6.12-2</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="8834" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">libcroco (used in libcroco3)</value><value key="Package Version">0.6.12-2</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="8871" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">libcroco (used in libcroco3)</value><value key="Package 
Version">0.6.12-2</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the \"allow-recursion\" setting, it SHOULD default to one of the following: none, if \"recursion no;\" is set in named.conf; a value inherited from the \"allow-query-cache\" or \"allow-query\" settings IF \"recursion yes;\" (the default for that setting) AND match lists are explicitly set for \"allow-query-cache\" or \"allow-query\" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of \"allow-recursion {localhost; localnets;};\" if \"recursion yes;\" is in effect and no values are explicitly set for \"allow-query-cache\" or \"allow-query\". However, because of the regression introduced by change #4777, it is possible when \"recursion yes;\" is in effect and no match list values are provided for \"allow-query-cache\" or \"allow-query\" for the setting of \"allow-recursion\" to inherit a setting of all hosts from the \"allow-query\" setting default, improperly permitting recursion to all clients. 
Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0-&gt;9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="5738" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">bind9 (used in bind9-host, libdns-export162, liblwres141, dnsutils, libisc160, libbind9-140, libdns162, libisc-export160, libisccfg140, libisccc140)</value><value key="Package Version">1:9.10.3.dfsg.P4-8ubuntu1.11</value><value key="Package License" /><value key="Vendor Status">fixed in 1:9.11.3+dfsg-1ubuntu1.1</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">\"deny-answer-aliases\" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. 
Affects BIND 9.7.0-&gt;9.8.8, 9.9.0-&gt;9.9.13, 9.10.0-&gt;9.10.8, 9.11.0-&gt;9.11.4, 9.12.0-&gt;9.12.2, 9.13.0-&gt;9.13.2.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="5740" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">bind9 (used in bind9-host, libdns-export162, liblwres141, dnsutils, libisc160, libbind9-140, libdns162, libisc-export160, libisccfg140, libisccc140)</value><value key="Package Version">1:9.10.3.dfsg.P4-8ubuntu1.11</value><value key="Package License" /><value key="Vendor Status">fixed in 1:9.11.3+dfsg-1ubuntu1.2</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">&lt;div class=\"field field-name-field-cve-details-text field-type-text-long field-label-hidden \"&gt;</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="5743" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">bind9 (used in bind9-host, libdns-export162, liblwres141, dnsutils, libisc160, libbind9-140, libdns162, libisc-export160, libisccfg140, libisccc140)</value><value key="Package Version">1:9.10.3.dfsg.P4-8ubuntu1.11</value><value key="Package License" /><value key="Vendor Status">fixed in 1:9.11.3+dfsg-1ubuntu1.7</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">&lt;div class=\"field field-name-field-cve-details-text field-type-text-long field-label-hidden \"&gt;</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="5744" year="2018" 
/></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">bind9 (used in bind9-host, libdns-export162, liblwres141, dnsutils, libisc160, libbind9-140, libdns162, libisc-export160, libisccfg140, libisccc140)</value><value key="Package Version">1:9.10.3.dfsg.P4-8ubuntu1.11</value><value key="Package License" /><value key="Vendor Status">fixed in 1:9.11.3+dfsg-1ubuntu1.5</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">&lt;div class=\"field field-name-field-cve-details-text field-type-text-long field-label-hidden \"&gt;</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="5745" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">bind9 (used in bind9-host, libdns-export162, liblwres141, dnsutils, libisc160, libbind9-140, libdns162, libisc-export160, libisccfg140, libisccc140)</value><value key="Package Version">1:9.10.3.dfsg.P4-8ubuntu1.11</value><value key="Package License" /><value key="Vendor Status">fixed in 1:9.11.3+dfsg-1ubuntu1.5</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">&lt;div class=\"field field-name-field-cve-details-text field-type-text-long field-label-hidden \"&gt;</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="6465" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">bind9 (used in bind9-host, libdns-export162, liblwres141, dnsutils, libisc160, libbind9-140, libdns162, libisc-export160, libisccfg140, libisccc140)</value><value 
key="Package Version">1:9.10.3.dfsg.P4-8ubuntu1.11</value><value key="Package License" /><value key="Vendor Status">fixed in 1:9.11.3+dfsg-1ubuntu1.5</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">passes (encrypted) passwords as commandline arguments</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="6655" year="2012" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">accountsservice (used in libaccountsservice0, accountsservice)</value><value key="Package Version">0.6.45-1ubuntu1</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="14036" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">accountsservice (used in libaccountsservice0, accountsservice)</value><value key="Package Version">0.6.45-1ubuntu1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9019" 
year="2015" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.30</value><value key="Package Name">libxslt (used in libxslt1.1)</value><value key="Package Version">1.1.29-5ubuntu0.1</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\'s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388\"; in other words, this is not a CVE ID for a vulnerability.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="5388" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">8.10</value><value key="Package Name">tomcat7 (used in libservlet3.0-java)</value><value key="Package Version">7.0.78-1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="12616" year="2017" 
/></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">tomcat7 (used in libservlet3.0-java)</value><value key="Package Version">7.0.78-1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="12617" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">8.10</value><value key="Package Name">tomcat7 (used in libservlet3.0-java)</value><value key="Package Version">7.0.78-1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. 
redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="11784" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">4.30</value><value key="Package Name">tomcat7 (used in libservlet3.0-java)</value><value key="Package Version">7.0.78-1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="14048" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">libpng1.6 (used in libpng16-16)</value><value key="Package Version">1.6.34-1ubuntu0.18.04.2</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. 
NOTE: the CVE-2012-6638 fix makes this issue less relevant.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="2663" year="2012" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">iptables (used in libip4tc0)</value><value key="Package Version">1.6.1-2ubuntu2</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of \'*\' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="6293" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">flex (used in libfl-dev)</value><value key="Package Version">2.6.0-11</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. 
Affected releases are systemd versions up to and including 239.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="15686" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">systemd (used in systemd-sysv)</value><value key="Package Version">229-4ubuntu21.10</value><value key="Package License" /><value key="Vendor Status">fixed in 237-3ubuntu10.6</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="15687" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">4.70</value><value key="Package Name">systemd (used in systemd-sysv)</value><value key="Package Version">229-4ubuntu21.10</value><value key="Package License" /><value key="Vendor Status">fixed in 237-3ubuntu10.6</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. 
Affected releases are systemd: versions up to and including 239.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="15688" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">systemd (used in systemd-sysv)</value><value key="Package Version">229-4ubuntu21.10</value><value key="Package License" /><value key="Vendor Status">fixed in 237-3ubuntu10.4</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="16864" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">systemd (used in systemd-sysv)</value><value key="Package Version">229-4ubuntu21.10</value><value key="Package License" /><value key="Vendor Status">fixed in 237-3ubuntu10.11</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. 
Versions through v240 are vulnerable.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="16865" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">systemd (used in systemd-sysv)</value><value key="Package Version">229-4ubuntu21.10</value><value key="Package License" /><value key="Vendor Status">fixed in 237-3ubuntu10.11</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon \':\'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="16866" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">3.30</value><value key="Package Name">systemd (used in systemd-sysv)</value><value key="Package Version">229-4ubuntu21.10</value><value key="Package License" /><value key="Vendor Status">fixed in 237-3ubuntu10.11</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. 
This occurs even if the fs.protected_symlinks sysctl is turned on.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="6954" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">systemd (used in systemd-sysv)</value><value key="Package Version">229-4ubuntu21.10</value><value key="Package License" /><value key="Vendor Status">fixed in 237-3ubuntu10.9</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the \"allow_active\" element rather than \"allow_any\".</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="3842" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.00</value><value key="Package Name">systemd (used in systemd-sysv)</value><value key="Package Version">229-4ubuntu21.10</value><value key="Package License" /><value key="Vendor Status">fixed in 237-3ubuntu10.19</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="3843" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">systemd (used in systemd-sysv)</value><value key="Package Version">229-4ubuntu21.10</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="3844" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">systemd (used in systemd-sysv)</value><value key="Package Version">229-4ubuntu21.10</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. 
An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="6454" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">systemd (used in systemd-sysv)</value><value key="Package Version">229-4ubuntu21.10</value><value key="Package License" /><value key="Vendor Status">fixed in 237-3ubuntu10.13</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="20839" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">systemd (used in systemd-sysv)</value><value key="Package Version">229-4ubuntu21.10</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. 
Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="3144" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">isc-dhcp (used in isc-dhcp-client)</value><value key="Package Version">4.3.3-5ubuntu12.10</value><value key="Package License" /><value key="Vendor Status">fixed in 4.3.5-3ubuntu5</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Security Fix(es): * dhcp: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server (CVE-2018-5732) * dhcp: Reference count overflow in dhcpd allows denial of service (CVE-2018-5733) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank ISC for reporting these issues. 
Upstream acknowledges Felix Wilhelm (Google) as the original reporter of these issues.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="5732" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">isc-dhcp (used in isc-dhcp-client)</value><value key="Package Version">4.3.3-5ubuntu12.10</value><value key="Package License" /><value key="Vendor Status">fixed in 4.3.5-3ubuntu5</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -&gt; 4.1-ESV-R15, 4.2.0 -&gt; 4.2.8, 4.3.0 -&gt; 4.3.6, 4.4.0.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="5733" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">isc-dhcp (used in isc-dhcp-client)</value><value key="Package Version">4.3.3-5ubuntu12.10</value><value key="Package License" /><value key="Vendor Status">fixed in 4.3.5-3ubuntu5</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">&lt;div class="field field-name-field-cve-details-text field-type-text-long field-label-hidden "&gt;</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="6470" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">isc-dhcp (used in 
isc-dhcp-client)</value><value key="Package Version">4.3.3-5ubuntu12.10</value><value key="Package License" /><value key="Vendor Status">fixed in 4.3.5-3ubuntu7.1</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="15906" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.30</value><value key="Package Name">openssh (used in openssh-server, openssh-client, openssh-sftp-server)</value><value key="Package Version">1:7.2p2-4ubuntu2.6</value><value key="Package License" /><value key="Vendor Status">fixed in 1:7.6p1-4</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="15473" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.30</value><value key="Package Name">openssh (used in openssh-server, openssh-client, openssh-sftp-server)</value><value key="Package Version">1:7.2p2-4ubuntu2.6</value><value key="Package License" /><value key="Vendor Status">fixed in 1:7.6p1-4ubuntu0.1</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Remotely observable behaviour in auth-gss2.c in 
OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states \'We understand that the OpenSSH developers do not want to treat such a username enumeration (or \"oracle\") as a vulnerability.\'</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="15919" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.30</value><value key="Package Name">openssh (used in openssh-server, openssh-client, openssh-sftp-server)</value><value key="Package Version">1:7.2p2-4ubuntu2.6</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="20685" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.30</value><value key="Package Name">openssh (used in openssh-server, openssh-client, openssh-sftp-server)</value><value key="Package Version">1:7.2p2-4ubuntu2.6</value><value key="Package License" /><value key="Vendor Status">fixed in 1:7.6p1-4ubuntu0.2</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An issue was discovered in OpenSSH 7.9. 
Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="6109" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.80</value><value key="Package Name">openssh (used in openssh-server, openssh-client, openssh-sftp-server)</value><value key="Package Version">1:7.2p2-4ubuntu2.6</value><value key="Package License" /><value key="Vendor Status">fixed in 1:7.6p1-4ubuntu0.2</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="6110" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.80</value><value key="Package Name">openssh (used in openssh-server, openssh-client, openssh-sftp-server)</value><value key="Package Version">1:7.2p2-4ubuntu2.6</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. 
However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="6111" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">openssh (used in openssh-server, openssh-client, openssh-sftp-server)</value><value key="Package Version">1:7.2p2-4ubuntu2.6</value><value key="Package License" /><value key="Vendor Status">fixed in 1:7.6p1-4ubuntu0.3</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. 
NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="0039" year="2012" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.00</value><value key="Package Name">glib2.0 (used in libglib2.0-dev, libglib2.0-data, libglib2.0-0, libglib2.0-bin, libglib2.0-dev-bin)</value><value key="Package Version">2.56.4-0ubuntu0.18.04.2</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="4484" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.80</value><value key="Package Name">cryptsetup (used in libcryptsetup4)</value><value key="Package Version">2:1.6.6-5ubuntu2.1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="7947" year="2016" 
/></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">libxrandr (used in libxrandr-dev, libxrandr2)</value><value key="Package Version">2:1.5.1-1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="7948" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">libxrandr (used in libxrandr-dev, libxrandr2)</value><value key="Package Version">2:1.5.1-1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="4484" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.80</value><value key="Package Name">cryptsetup (used in libcryptsetup12, cryptsetup-bin, cryptsetup)</value><value key="Package Version">2:2.0.2-1ubuntu1.1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text"> a null pointer dereference vulnerability was found in the certificate 
parsing code in python. this causes a denial of service to applications when parsing specially crafted certificates. this vulnerability is unlikely to be triggered if application enables ssl/tls certificate validation and accepts certificates only from trusted root certificate authorities.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="5010" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">python2.7 (used in libpython2.7, libpython2.7-stdlib, python2.7-minimal, libpython2.7-minimal, python2.7-dev, libpython2.7-dev, python2.7)</value><value key="Package Version">2.7.15~rc1-1ubuntu0.1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. 
The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9636" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">python2.7 (used in libpython2.7, libpython2.7-stdlib, python2.7-minimal, libpython2.7-minimal, python2.7-dev, libpython2.7-dev, python2.7)</value><value key="Package Version">2.7.15~rc1-1ubuntu0.1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n followed by an HTTP header or a Redis command.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9740" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.10</value><value key="Package Name">python2.7 (used in libpython2.7, libpython2.7-stdlib, python2.7-minimal, libpython2.7-minimal, python2.7-dev, libpython2.7-dev, python2.7)</value><value key="Package Version">2.7.15~rc1-1ubuntu0.1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. 
CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string or PATH_INFO) followed by an HTTP header or a Redis command. This is similar to CVE-2019-9740.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9947" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.10</value><value key="Package Name">python2.7 (used in libpython2.7, libpython2.7-stdlib, python2.7-minimal, libpython2.7-minimal, python2.7-dev, libpython2.7-dev, python2.7)</value><value key="Package Version">2.7.15~rc1-1ubuntu0.1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(\'local_file:///etc/passwd\') call.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9948" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.10</value><value key="Package Name">python2.7 (used in libpython2.7, libpython2.7-stdlib, python2.7-minimal, libpython2.7-minimal, python2.7-dev, libpython2.7-dev, python2.7)</value><value key="Package Version">2.7.15~rc1-1ubuntu0.1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of 
service (out-of-bounds read and application crash) via a crafted ELF file.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="10360" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">file (used in libmagic1, file)</value><value key="Package Version">1:5.25-2ubuntu1.1</value><value key="Package License" /><value key="Vendor Status">fixed in 1:5.32-2ubuntu0.1</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="8905" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">file (used in libmagic1, file)</value><value key="Package Version">1:5.25-2ubuntu1.1</value><value key="Package License" /><value key="Vendor Status">fixed in 1:5.32-2ubuntu0.2</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="8906" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">file (used in libmagic1, file)</value><value key="Package Version">1:5.25-2ubuntu1.1</value><value key="Package License" /><value key="Vendor Status">fixed in 
1:5.32-2ubuntu0.2</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="8907" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">file (used in libmagic1, file)</value><value key="Package Version">1:5.25-2ubuntu1.1</value><value key="Package License" /><value key="Vendor Status">fixed in 1:5.32-2ubuntu0.2</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user\'s credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, \'en-US\' is truncated to \'en\'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. 
In the more likely case, this memory is already reserved for future use and the issue has no effect at all.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="15710" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">apache2 (used in apache2-data, apache2-bin, apache2)</value><value key="Package Version">2.4.18-2ubuntu3.9</value><value key="Package License" /><value key="Vendor Status">fixed in 2.4.29-1ubuntu4.1</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">In Apache httpd 2.4.0 to 2.4.29, the expression specified in &lt;FilesMatch&gt; could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="15715" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">8.10</value><value key="Package Name">apache2 (used in apache2-data, apache2-bin, apache2)</value><value key="Package Version">2.4.18-2ubuntu3.9</value><value key="Package License" /><value key="Vendor Status">fixed in 2.4.29-1ubuntu4.1</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. 
A possible mitigation is to not enable the h2 protocol.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="11763" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">apache2 (used in apache2-data, apache2-bin, apache2)</value><value key="Package Version">2.4.18-2ubuntu3.9</value><value key="Package License" /><value key="Vendor Status">fixed in 2.4.29-1ubuntu4.4</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1283" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.30</value><value key="Package Name">apache2 (used in apache2-data, apache2-bin, apache2)</value><value key="Package Version">2.4.18-2ubuntu3.9</value><value key="Package License" /><value key="Vendor Status">fixed in 2.4.29-1ubuntu4.1</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. 
This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1301" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">apache2 (used in apache2-data, apache2-bin, apache2)</value><value key="Package Version">2.4.18-2ubuntu3.9</value><value key="Package License" /><value key="Vendor Status">fixed in 2.4.29-1ubuntu4.1</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1302" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">apache2 (used in apache2-data, apache2-bin, apache2)</value><value key="Package Version">2.4.18-2ubuntu3.9</value><value key="Package License" /><value key="Vendor Status">fixed in 2.4.29-1ubuntu4.4</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. 
It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1303" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">apache2 (used in apache2-data, apache2-bin, apache2)</value><value key="Package Version">2.4.18-2ubuntu3.9</value><value key="Package License" /><value key="Vendor Status">fixed in 2.4.29-1ubuntu4.1</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1312" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">apache2 (used in apache2-data, apache2-bin, apache2)</value><value key="Package Version">2.4.18-2ubuntu3.9</value><value key="Package License" /><value key="Vendor Status">fixed in 2.4.29-1ubuntu4.1</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. 
Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1333" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">apache2 (used in apache2-data, apache2-bin, apache2)</value><value key="Package Version">2.4.18-2ubuntu3.9</value><value key="Package License" /><value key="Vendor Status">fixed in 2.4.29-1ubuntu4.4</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="17189" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.30</value><value key="Package Name">apache2 (used in apache2-data, apache2-bin, apache2)</value><value key="Package Version">2.4.18-2ubuntu3.9</value><value key="Package License" /><value key="Vendor Status">fixed in 2.4.29-1ubuntu4.6</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. 
This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="17199" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">apache2 (used in apache2-data, apache2-bin, apache2)</value><value key="Package Version">2.4.18-2ubuntu3.9</value><value key="Package License" /><value key="Vendor Status">fixed in 2.4.29-1ubuntu4.6</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">&lt;div class=\"field field-name-field-cve-details-text field-type-text-long field-label-hidden \"&gt;</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="0196" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">apache2 (used in apache2-data, apache2-bin, apache2)</value><value key="Package Version">2.4.18-2ubuntu3.9</value><value key="Package License" /><value key="Vendor Status">fixed in 2.4.29-1ubuntu4.6</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">&lt;div class=\"field field-name-field-cve-details-text field-type-text-long field-label-hidden \"&gt;</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="0197" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">apache2 (used in apache2-data, apache2-bin, apache2)</value><value key="Package Version">2.4.18-2ubuntu3.9</value><value 
key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="0211" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">apache2 (used in apache2-data, apache2-bin, apache2)</value><value key="Package Version">2.4.18-2ubuntu3.9</value><value key="Package License" /><value key="Vendor Status">fixed in 2.4.29-1ubuntu4.6</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="0217" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">apache2 (used in apache2-data, apache2-bin, apache2)</value><value key="Package Version">2.4.18-2ubuntu3.9</value><value key="Package License" /><value key="Vendor Status">fixed in 2.4.29-1ubuntu4.6</value></metadata></finding><finding severity="low" type="Network"><description 
format="plain-text">&lt;div class=\"field field-name-field-cve-details-text field-type-text-long field-label-hidden \"&gt;</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="0220" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">apache2 (used in apache2-data, apache2-bin, apache2)</value><value key="Package Version">2.4.18-2ubuntu3.9</value><value key="Package License" /><value key="Vendor Status">fixed in 2.4.29-1ubuntu4.6</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text"> a null pointer dereference vulnerability was found in the certificate parsing code in python. this causes a denial of service to applications when parsing specially crafted certificates. this vulnerability is unlikely to be triggered if application enables ssl/tls certificate validation and accepts certificates only from trusted root certificate authorities.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="5010" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">python3.6 (used in python3.6-minimal, libpython3.6-stdlib, libpython3.6-minimal, python3.6)</value><value key="Package Version">3.6.7-1~18.04</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). 
The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9636" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">python3.6 (used in python3.6-minimal, libpython3.6-stdlib, libpython3.6-minimal, python3.6)</value><value key="Package Version">3.6.7-1~18.04</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n followed by an HTTP header or a Redis command.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9740" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.10</value><value key="Package Name">python3.6 (used in python3.6-minimal, libpython3.6-stdlib, libpython3.6-minimal, python3.6)</value><value key="Package Version">3.6.7-1~18.04</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. 
CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string or PATH_INFO) followed by an HTTP header or a Redis command. This is similar to CVE-2019-9740.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9947" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.10</value><value key="Package Name">python3.6 (used in python3.6-minimal, libpython3.6-stdlib, libpython3.6-minimal, python3.6)</value><value key="Package Version">3.6.7-1~18.04</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="20217" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.30</value><value key="Package Name">krb5 (used in libgssapi-krb5-2, libkrb5-3, libkrb5support0)</value><value key="Package Version">1.16-2build1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is 
internal to the database module.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="5729" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">4.70</value><value key="Package Name">krb5 (used in libgssapi-krb5-2, libkrb5-3, libkrb5support0)</value><value key="Package Version">1.16-2build1</value><value key="Package License" /><value key="Vendor Status">fixed in 1.16-2ubuntu0.1</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="5730" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">3.80</value><value key="Package Name">krb5 (used in libgssapi-krb5-2, libkrb5-3, libkrb5support0)</value><value key="Package Version">1.16-2build1</value><value key="Package License" /><value key="Vendor Status">fixed in 1.16-2ubuntu0.1</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" 
/><cves><cve sequence-number="14498" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">libjpeg-turbo (used in libjpeg-turbo8, libjpeg-turbo8-dev)</value><value key="Package Version">1.5.2-0ubuntu5.18.04.1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1122" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.00</value><value key="Package Name">procps (used in libprocps4, procps)</value><value key="Package Version">2:3.3.10-4ubuntu2.4</value><value key="Package License" /><value key="Vendor Status">fixed in 2:3.3.12-3ubuntu1.1</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. 
Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1123" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">procps (used in libprocps4, procps)</value><value key="Package Version">2:3.3.10-4ubuntu2.4</value><value key="Package License" /><value key="Vendor Status">fixed in 2:3.3.12-3ubuntu1.1</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1124" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">procps (used in libprocps4, procps)</value><value key="Package Version">2:3.3.10-4ubuntu2.4</value><value key="Package License" /><value key="Vendor Status">fixed in 2:3.3.12-3ubuntu1.1</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. 
When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1125" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">procps (used in libprocps4, procps)</value><value key="Package Version">2:3.3.10-4ubuntu2.4</value><value key="Package License" /><value key="Vendor Status">fixed in 2:3.3.12-3ubuntu1.1</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1126" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">procps (used in libprocps4, procps)</value><value key="Package Version">2:3.3.10-4ubuntu2.4</value><value key="Package License" /><value key="Vendor Status">fixed in 2:3.3.12-3ubuntu1.1</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). 
Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="6556" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">3.30</value><value key="Package Name">lxc (used in liblxc1, lxc-common)</value><value key="Package Version">2.0.8-0ubuntu1~16.04.2</value><value key="Package License" /><value key="Vendor Status">fixed in 3.0.1-0ubuntu1~18.04.2</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="10844" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">gnutls28 (used in libgnutls-openssl27, libgnutls30)</value><value key="Package Version">3.5.18-1ubuntu1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. 
Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="10845" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">gnutls28 (used in libgnutls-openssl27, libgnutls30)</value><value key="Package Version">3.5.18-1ubuntu1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="10846" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.60</value><value key="Package Name">gnutls28 (used in libgnutls-openssl27, libgnutls30)</value><value key="Package Version">3.5.18-1ubuntu1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. 
An attacker who is able to run a process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="16868" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.60</value><value key="Package Name">gnutls28 (used in libgnutls-openssl27, libgnutls30)</value><value key="Package Version">3.5.18-1ubuntu1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="3829" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">gnutls28 (used in libgnutls-openssl27, libgnutls30)</value><value key="Package Version">3.5.18-1ubuntu1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might be able to lead to bypassing seccomp filters and potential privilege escalations.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9893" 
year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">libseccomp (used in libseccomp2)</value><value key="Package Version">2.3.1-2.1ubuntu4.1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="7949" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">libxrender (used in libxrender-dev, libxrender1)</value><value key="Package Version">1:0.9.10-1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="7950" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">libxrender (used in libxrender-dev, libxrender1)</value><value key="Package Version">1:0.9.10-1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description 
format="plain-text">A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="20217" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.30</value><value key="Package Name">krb5 (used in libk5crypto3, krb5-locales)</value><value key="Package Version">1.16-2ubuntu0.1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="7445" year="2013" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="8553" year="2015" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. 
NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that "the underlying problem is non-trivial to handle."</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="10723" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="8660" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. 
Android ID: A-31614969.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="0537" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">4.70</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="10322" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. 
This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1121" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="12929" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="12930" year="2018" 
/></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="12931" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="13053" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">3.30</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An 
issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode-&gt;i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="13093" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="13095" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. 
A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="13096" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a denial of service (BUG).</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="13097" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. 
A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="13098" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.17.3. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="13099" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="13100" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value 
key="CVSS">5.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="14609" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in the Linux kernel through 4.17.10. 
There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification that each block group has a corresponding chunk at mount time, within btrfs_read_block_groups in fs/btrfs/extent-tree.c.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="14610" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in btrfs_check_chunk_valid in fs/btrfs/volumes.c.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="14611" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in the Linux kernel through 4.17.10. 
There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks in check_leaf in fs/btrfs/tree-checker.c.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="14612" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="14613" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in the Linux kernel through 4.17.10. 
There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="14614" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="14615" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in the Linux kernel through 4.17.10. 
There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="14616" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="14617" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). 
The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="16862" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="17977" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">4.40</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="19985" year="2018" 
/></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">4.60</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="20169" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.80</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. 
A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="20669" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="20784" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An issue was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel before 5.0.4. 
When soft_offline_in_use_page() runs on a thp tail page after pmd is split, an attacker can cause a denial of service (BUG).</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="10124" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="11486" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.00</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">&lt;div class=\"field field-name-field-cve-details-text field-type-text-long field-label-hidden \"&gt;</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="2024" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding 
severity="medium" type="Network"><description format="plain-text">&lt;div class=\"field field-name-field-cve-details-text field-type-text-long field-label-hidden \"&gt;</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="3892" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="3900" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) 
Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="5489" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">&lt;div class="field field-name-field-cve-details-text field-type-text-long field-label-hidden "&gt;</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="11085" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. 
There is a race condition leading to a use-after-free, related to net namespace cleanup.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="11815" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">8.10</value><value key="Package Name">linux (used in linux-libc-dev)</value><value key="Package Version">4.15.0-50.54</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In all versions of AppArmor mount rules are accidentally widened when compiled.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1585" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">apparmor (used in libapparmor1, apparmor)</value><value key="Package Version">2.12-4ubuntu5.1</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="7944" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">libxfixes (used in libxfixes-dev, libxfixes3)</value><value key="Package Version">1:5.0.3-1</value><value key="Package License" /><value key="Vendor 
Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">ML-Date: 2012-02-28 17:01:19, ML-Subject: Re: [oss-security] CVE request: init script x11-common creates directories in insecure manners</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1093" year="2012" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">xorg (used in x11-common)</value><value key="Package Version">1:7.7+19ubuntu7.1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. 
NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="5388" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">8.10</value><value key="Package Name">tomcat7 (used in libtomcat7-java)</value><value key="Package Version">7.0.68-1ubuntu0.4</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="12616" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">tomcat7 (used in libtomcat7-java)</value><value key="Package Version">7.0.68-1ubuntu0.4</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. 
This JSP could then be requested and any code it contained would be executed by the server.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="12617" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">8.10</value><value key="Package Name">tomcat7 (used in libtomcat7-java)</value><value key="Package Version">7.0.68-1ubuntu0.4</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="11784" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">4.30</value><value key="Package Name">tomcat7 (used in libtomcat7-java)</value><value key="Package Version">7.0.68-1ubuntu0.4</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. 
This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="12098" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.40</value><value key="Package Name">heimdal (used in libheimbase1-heimdal, libhcrypto4-heimdal, libroken18-heimdal, libkrb5-26-heimdal, libasn1-8-heimdal, libwind0-heimdal, libgssapi3-heimdal, libheimntlm0-heimdal, libhx509-5-heimdal)</value><value key="Package Version">7.5.0+dfsg-1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. 
This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1000180" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">bouncycastle (used in libbcprov-java, libbcpg-java)</value><value key="Package Version">1.59-1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. 
This vulnerability appears to have been fixed in 1.60 and later.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1000613" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">bouncycastle (used in libbcprov-java, libbcpg-java)</value><value key="Package Version">1.59-1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="14160" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">libvorbis (used in libvorbisfile3, libvorbis0a)</value><value key="Package Version">1.3.5-4.2</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="10392" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value 
key="CVSS">8.80</value><value key="Package Name">libvorbis (used in libvorbisfile3, libvorbis0a)</value><value key="Package Version">1.3.5-4.2</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="10393" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">libvorbis (used in libvorbisfile3, libvorbis0a)</value><value key="Package Version">1.3.5-4.2</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. 
Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="11065" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">gradle (used in libgradle-core-java, libgradle-plugins-java, gradle)</value><value key="Package Version">2.10-1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this issue less relevant.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="2663" year="2012" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">iptables (used in libxtables11, iptables)</value><value key="Package Version">1.6.0-2ubuntu3</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. 
This vulnerability is also known as \'Zip-Slip\'.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1002200" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">plexus-archiver (used in libplexus-archiver-java)</value><value key="Package Version">2.2-1+deb9u1build0.16.04.1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="8985" year="2015" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">glibc (used in libc-bin, libc6-dev, multiarch-support, libc6, libc-dev-bin, locales)</value><value key="Package Version">2.27-3ubuntu1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. 
This is related to the if_nametoindex() function.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="19591" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">glibc (used in libc-bin, libc6-dev, multiarch-support, libc6, libc-dev-bin, locales)</value><value key="Package Version">2.27-3ubuntu1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="7309" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">glibc (used in libc-bin, libc6-dev, multiarch-support, libc6, libc-dev-bin, locales)</value><value key="Package Version">2.27-3ubuntu1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9085" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">libwebp (used in libwebpdemux2, libwebp6, libwebpmux3)</value><value 
key="Package Version">0.6.1-2</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="7945" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">libxi (used in libxi6, libxi-dev)</value><value key="Package Version">2:1.7.9-1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="7946" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">libxi (used in libxi6, libxi-dev)</value><value key="Package Version">2:1.7.9-1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. 
One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="19358" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">gnome-keyring (used in libpam-gnome-keyring, gnome-keyring-pkcs11, gnome-keyring)</value><value key="Package Version">3.28.0.2-1ubuntu1.18.04.1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="2183" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">nss (used in libnss3-nssdb, libnss3)</value><value key="Package Version">2:3.28.4-0ubuntu0.16.04.3</value><value key="Package License" /><value key="Vendor Status">fixed in 2:3.28.4-0ubuntu1</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. 
This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox &lt; 56, Firefox ESR &lt; 52.4, and Thunderbird &lt; 52.4.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="7805" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">nss (used in libnss3-nssdb, libnss3)</value><value key="Package Version">2:3.28.4-0ubuntu0.16.04.3</value><value key="Package License" /><value key="Vendor Status">fixed in 2:3.32-1ubuntu3</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="0495" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">4.70</value><value key="Package Name">nss (used in libnss3-nssdb, libnss3)</value><value key="Package Version">2:3.28.4-0ubuntu0.16.04.3</value><value key="Package License" /><value key="Vendor Status">fixed in 2:3.35-2ubuntu2.1</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">When handling a SSLv2-compatible ClientHello request, the server doesn\'t generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="12384" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">nss (used in libnss3-nssdb, libnss3)</value><value key="Package Version">2:3.28.4-0ubuntu0.16.04.3</value><value key="Package License" /><value key="Vendor Status">fixed in 2:3.35-2ubuntu2.1</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. 
This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="12404" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">nss (used in libnss3-nssdb, libnss3)</value><value key="Package Version">2:3.28.4-0ubuntu0.16.04.3</value><value key="Package License" /><value key="Vendor Status">fixed in 2:3.35-2ubuntu2.1</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">&lt;div class=\"field field-name-field-cve-details-text field-type-text-long field-label-hidden \"&gt;</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="18508" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">nss (used in libnss3-nssdb, libnss3)</value><value key="Package Version">2:3.28.4-0ubuntu0.16.04.3</value><value key="Package License" /><value key="Vendor Status">fixed in 2:3.35-2ubuntu2.2</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. 
Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versio</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1543" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.40</value><value key="Package Name">openssl (used in libssl-doc, libssl-dev, libssl1.1, openssl)</value><value key="Package Version">1.1.0g-2ubuntu4.3</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">TOCTOU race conditions by copying and removing directory trees</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="4235" year="2013" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">shadow (used in uidmap, login, passwd)</value><value key="Package Version">1:4.5-1ubuntu2</value><value key="Package License" /><value key="Vendor 
Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) that is meant to prevent this sort of privilege escalation.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="7169" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.30</value><value key="Package Name">shadow (used in uidmap, login, passwd)</value><value key="Package Version">1:4.5-1ubuntu2</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">dom4j versions prior to 2.1.1 contain a CWE-91: XML Injection vulnerability in class Element, methods addElement and addAttribute, that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. 
This vulnerability appears to have been fixed in 2.1.1 or later.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1000632" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">dom4j (used in libdom4j-java)</value><value key="Package Version">2.1.0-2</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="7952" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">libxtst (used in libxtst6)</value><value key="Package Version">2:1.2.3-1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. 
redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="11784" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">4.30</value><value key="Package Name">tomcat8 (used in libservlet3.1-java)</value><value key="Package Version">8.5.30-1ubuntu1.4</value><value key="Package License" /><value key="Vendor Status">fixed in 8.5.39-1ubuntu1~18.04.1</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="1336" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">tomcat8 (used in libservlet3.1-java)</value><value key="Package Version">8.5.30-1ubuntu1.4</value><value key="Package License" /><value key="Vendor Status">fixed in 8.5.39-1ubuntu1~18.04.1</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. 
Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="8034" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">tomcat8 (used in libservlet3.1-java)</value><value key="Package Version">8.5.30-1ubuntu1.4</value><value key="Package License" /><value key="Vendor Status">fixed in 8.5.39-1ubuntu1~18.04.1</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. 
Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="8037" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">tomcat8 (used in libservlet3.1-java)</value><value key="Package Version">8.5.30-1ubuntu1.4</value><value key="Package License" /><value key="Vendor Status">fixed in 8.5.39-1ubuntu1~18.04.1</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API\'s blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="0199" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">tomcat8 (used in libservlet3.1-java)</value><value key="Package Version">8.5.30-1ubuntu1.4</value><value key="Package License" /><value key="Vendor Status">fixed in 8.5.39-1ubuntu1~18.04.1</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="3843" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">systemd (used in libsystemd0, libpam-systemd, udev, libudev1, systemd)</value><value key="Package Version">237-3ubuntu10.21</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="3844" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">systemd (used in libsystemd0, libpam-systemd, udev, libudev1, systemd)</value><value key="Package Version">237-3ubuntu10.21</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. 
This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="20839" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">systemd (used in libsystemd0, libpam-systemd, udev, libudev1, systemd)</value><value key="Package Version">237-3ubuntu10.21</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users\' sessions.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="2625" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">libxdmcp (used in libxdmcp-dev, libxdmcp6)</value><value key="Package Version">1:1.1.2-3</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. 
NOTE: there is a third-party report of inability to reproduce this issue.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="17973" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">tiff (used in libtiff5)</value><value key="Package Version">4.0.9-5ubuntu0.2</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="10126" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">tiff (used in libtiff5)</value><value key="Package Version">4.0.9-5ubuntu0.2</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). 
This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="20060" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">python-urllib3 (used in python3-urllib3, python-urllib3)</value><value key="Package Version">1.22-1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="11236" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.10</value><value key="Package Name">python-urllib3 (used in python3-urllib3, python-urllib3)</value><value key="Package Version">1.22-1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. 
CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n followed by an HTTP header or a Redis command.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9740" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.10</value><value key="Package Name">python-urllib3 (used in python3-urllib3, python-urllib3)</value><value key="Package Version">1.22-1</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string or PATH_INFO) followed by an HTTP header or a Redis command. 
This is similar to CVE-2019-9740.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="9947" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.10</value><value key="Package Name">python-urllib3 (used in python3-urllib3, python-urllib3)</value><value key="Package Version">1.22-1</value><value key="Package License" /><value key="Vendor Status">deferred</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.</description><location path="" type="url" /><tool category="image" code="46" name="Twistlock" /><cves><cve sequence-number="11324" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">python-urllib3 (used in python3-urllib3, python-urllib3)</value><value key="Package Version">1.22-1</value><value key="Package License" /><value key="Vendor Status">needed</value></metadata></finding></findings></report>