codedx_xml/cdx2.xml

<?xml version='1.0' encoding='utf-8'?>
<report date="2020-05-16T15:01:30.969543"><findings><finding severity="" type="Network"><description format="plain-text">No vulnerabilities nor compliance issues</description><location path="" type="url" /><tool category="CIS" code="0" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>alpine-3.9.2</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /><value key="Risk Factors" /></metadata></finding><finding severity="" type="Network"><description format="plain-text">No vulnerabilities nor compliance issues</description><location path="" type="url" /><tool category="CIS" code="0" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>alpine-3.9.2</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /><value key="Risk Factors" /></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. 
A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="2616" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>alpine-3.8.4</operating-system></host><metadata><value key="CVSS">4.70</value><value key="Package Name">util-linux (used in libuuid)</value><value key="Package Version">2.32-r0</value><value key="Package License" /><value key="Vendor Status">fixed in 2.33-r0</value><value key="Risk Factors">Has fix, Medium severity</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="20679" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>alpine-3.8.4</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">busybox (used in ssl_client, busybox)</value><value key="Package Version">1.28.4-r3</value><value key="Package License" /><value key="Vendor Status" /><value key="Risk Factors">Attack complexity: low, Attack vector: network, High severity, Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">An issue was discovered in BusyBox through 1.30.0. 
An out of bounds read in udhcp components (consumed by the DHCP server, client, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="5747" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>alpine-3.8.4</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">busybox (used in ssl_client, busybox)</value><value key="Package Version">1.28.4-r3</value><value key="Package License" /><value key="Vendor Status" /><value key="Risk Factors">Attack complexity: low, Attack vector: network, High severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">&lt;div class=\"field field-name-field-cve-details-text field-type-text-long field-label-hidden \"&gt;</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="0196" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>alpine-3.8.4</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">apache2 (used in apache2-utils)</value><value key="Package Version">2.4.38-r3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.4.39-r0</value><value key="Risk Factors">Has fix, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">&lt;div class=\"field field-name-field-cve-details-text field-type-text-long field-label-hidden \"&gt;</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="0197" year="2019" 
/></cves><host><hostname>localhost</hostname><operating-system>alpine-3.8.4</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">apache2 (used in apache2-utils)</value><value key="Package Version">2.4.38-r3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.4.39-r0</value><value key="Risk Factors">Has fix, Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="0211" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>alpine-3.8.4</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">apache2 (used in apache2-utils)</value><value key="Package Version">2.4.38-r3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.4.39-r0</value><value key="Risk Factors">Attack complexity: low, Exploit exists, Has fix, High severity, Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="0215" year="2019" 
/></cves><host><hostname>localhost</hostname><operating-system>alpine-3.8.4</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">apache2 (used in apache2-utils)</value><value key="Package Version">2.4.38-r3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.4.39-r0</value><value key="Risk Factors">Attack vector: network, Has fix, High severity, Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="0217" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>alpine-3.8.4</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">apache2 (used in apache2-utils)</value><value key="Package Version">2.4.38-r3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.4.39-r0</value><value key="Risk Factors">Attack vector: network, Has fix, High severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">&lt;div class=\"field field-name-field-cve-details-text field-type-text-long field-label-hidden \"&gt;</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="0220" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>alpine-3.8.4</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">apache2 (used in apache2-utils)</value><value key="Package Version">2.4.38-r3</value><value key="Package License" /><value key="Vendor 
Status">fixed in 2.4.39-r0</value><value key="Risk Factors">Has fix, Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">(CIS_Docker_CE_v1.1.0 - 4.1) Image should be created with a non-root user</description><location path="" type="url" /><tool category="CIS" code="41" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>alpine-3.8.4</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /><value key="Risk Factors" /></metadata></finding><finding severity="low" type="Network"><description format="plain-text">GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user\'s process (e.g., a system backup running as root).</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="20482" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">4.70</value><value key="Package Name">tar</value><value key="Package Version">1.29b-2ubuntu0.1</value><value key="Package License">GPL-3</value><value key="Vendor Status">needed</value><value key="Risk Factors">DoS, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. 
The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="10788" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">libdbd-mysql-perl</value><value key="Package Version">4.046-1</value><value key="Package License">Artistic or GPL-1+</value><value key="Vendor Status">needed</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting\'s documentation has a \"your communication with the server will be encrypted\" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="10789" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">libdbd-mysql-perl</value><value key="Package Version">4.046-1</value><value key="Package License">Artistic or GPL-1+</value><value key="Vendor Status">needed</value><value key="Risk Factors">Attack vector: network</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal\'s input buffer.</description><location path="" type="url" /><tool category="OS" 
code="46" name="Twistlock" /><cves><cve sequence-number="2781" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">coreutils</value><value key="Package Version">8.28-1ubuntu1</value><value key="Package License">GPL-3</value><value key="Vendor Status">deferred</value><value key="Risk Factors">Attack complexity: low</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="16869" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.70</value><value key="Package Name">nettle (used in libnettle6, libhogweed4)</value><value key="Package Version">3.4-1</value><value key="Package License" /><value key="Vendor Status">needed</value><value key="Risk Factors">Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9893" year="2019" 
/></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">libseccomp (used in libseccomp2)</value><value key="Package Version">2.3.1-2.1ubuntu4</value><value key="Package License" /><value key="Vendor Status">needed</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">TOCTOU race conditions by copying and removing directory trees</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="4235" year="2013" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name">shadow (used in passwd, login)</value><value key="Package Version">1:4.5-1ubuntu1</value><value key="Package License" /><value key="Vendor Status">needed</value><value key="Risk Factors" /></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. 
This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="7169" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.30</value><value key="Package Name">shadow (used in passwd, login)</value><value key="Package Version">1:4.5-1ubuntu1</value><value key="Package License" /><value key="Vendor Status">needed</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="2566" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">4.90</value><value key="Package Name">mysql-5.7 (used in libmysqlclient20)</value><value key="Package Version">5.7.25-0ubuntu0.18.04.2</value><value key="Package License" /><value key="Vendor Status">fixed in 5.7.26-0ubuntu0.18.04.1</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="2581" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">4.90</value><value key="Package Name">mysql-5.7 (used in libmysqlclient20)</value><value key="Package Version">5.7.25-0ubuntu0.18.04.2</value><value key="Package License" /><value key="Vendor Status">fixed in 5.7.26-0ubuntu0.18.04.1</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="2592" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">4.90</value><value key="Package Name">mysql-5.7 (used in libmysqlclient20)</value><value key="Package Version">5.7.25-0ubuntu0.18.04.2</value><value key="Package License" /><value key="Vendor Status">fixed in 5.7.26-0ubuntu0.18.04.1</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="2614" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">4.40</value><value key="Package Name">mysql-5.7 (used in libmysqlclient20)</value><value key="Package Version">5.7.25-0ubuntu0.18.04.2</value><value key="Package License" /><value key="Vendor Status">fixed in 5.7.26-0ubuntu0.18.04.1</value><value key="Risk Factors">Attack vector: network, DoS, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="2627" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">4.90</value><value key="Package Name">mysql-5.7 (used in libmysqlclient20)</value><value key="Package Version">5.7.25-0ubuntu0.18.04.2</value><value key="Package License" /><value key="Vendor Status">fixed in 5.7.26-0ubuntu0.18.04.1</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="2628" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">4.90</value><value key="Package Name">mysql-5.7 (used in libmysqlclient20)</value><value key="Package Version">5.7.25-0ubuntu0.18.04.2</value><value key="Package License" /><value key="Vendor Status">fixed in 5.7.26-0ubuntu0.18.04.1</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="2632" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">mysql-5.7 (used in libmysqlclient20)</value><value key="Package Version">5.7.25-0ubuntu0.18.04.2</value><value key="Package License" /><value key="Vendor Status">fixed in 5.7.26-0ubuntu0.18.04.1</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="2683" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">4.90</value><value key="Package Name">mysql-5.7 (used in libmysqlclient20)</value><value key="Package Version">5.7.25-0ubuntu0.18.04.2</value><value key="Package License" /><value key="Vendor Status">fixed in 5.7.26-0ubuntu0.18.04.1</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="14159" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">4.70</value><value key="Package Name">openldap (used in libldap-common, libldap-2.4-2)</value><value key="Package Version">2.4.45+dfsg-1ubuntu1.1</value><value key="Package License" /><value key="Vendor Status">needed</value><value key="Risk Factors" /></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. 
Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="10844" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">gnutls28 (used in libgnutls30)</value><value key="Package Version">3.5.18-1ubuntu1</value><value key="Package License" /><value key="Vendor Status">needed</value><value key="Risk Factors">Attack vector: network, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="10845" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">gnutls28 (used in libgnutls30)</value><value key="Package Version">3.5.18-1ubuntu1</value><value key="Package License" /><value key="Vendor Status">needed</value><value key="Risk Factors">Attack vector: network, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. 
An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="10846" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.60</value><value key="Package Name">gnutls28 (used in libgnutls30)</value><value key="Package Version">3.5.18-1ubuntu1</value><value key="Package License" /><value key="Vendor Status">needed</value><value key="Risk Factors">Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="16868" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.60</value><value key="Package Name">gnutls28 (used in libgnutls30)</value><value key="Package Version">3.5.18-1ubuntu1</value><value key="Package License" /><value key="Vendor Status">needed</value><value key="Risk Factors">Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. 
Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="3829" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">gnutls28 (used in libgnutls30)</value><value key="Package Version">3.5.18-1ubuntu1</value><value key="Package License" /><value key="Vendor Status">needed</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="3842" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.00</value><value key="Package Name">systemd (used in libudev1, libsystemd0)</value><value key="Package Version">237-3ubuntu10.13</value><value key="Package License" /><value key="Vendor Status">fixed in 237-3ubuntu10.19</value><value key="Risk Factors">Exploit exists, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient 
service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="3843" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">systemd (used in libudev1, libsystemd0)</value><value key="Package Version">237-3ubuntu10.13</value><value key="Package License" /><value key="Vendor Status">needed</value><value key="Risk Factors">Attack complexity: low, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="3844" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">systemd (used in libudev1, libsystemd0)</value><value key="Package Version">237-3ubuntu10.13</value><value key="Package License" /><value key="Vendor Status">needed</value><value key="Risk Factors">Attack complexity: low, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="20839" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">systemd (used in libudev1, libsystemd0)</value><value key="Package Version">237-3ubuntu10.13</value><value key="Package License" /><value key="Vendor Status">needed</value><value key="Risk Factors">Medium severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.</description><location path="" 
type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="8985" year="2015" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">glibc (used in libc6, libc-bin)</value><value key="Package Version">2.27-3ubuntu1</value><value key="Package License" /><value key="Vendor Status">needed</value><value key="Risk Factors">Attack vector: network, DoS</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="19591" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">glibc (used in libc6, libc-bin)</value><value key="Package Version">2.27-3ubuntu1</value><value key="Package License" /><value key="Vendor Status">needed</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="7309" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value 
key="CVSS">5.50</value><value key="Package Name">glibc (used in libc6, libc-bin)</value><value key="Package Version">2.27-3ubuntu1</value><value key="Package License" /><value key="Vendor Status">needed</value><value key="Risk Factors">Attack complexity: low, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this issue less relevant.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="2663" year="2012" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">iptables (used in libxtables12)</value><value key="Package Version">1.6.1-2ubuntu2</value><value key="Package License" /><value key="Vendor Status">needed</value><value key="Risk Factors">Attack complexity: low, Attack vector: network</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. 
If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versio</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="1543" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.40</value><value key="Package Name">openssl (used in libssl1.1, openssl)</value><value key="Package Version">1.1.0g-2ubuntu4.3</value><value key="Package License" /><value key="Vendor Status">needed</value><value key="Risk Factors">Attack vector: network, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. 
This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12098" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">7.40</value><value key="Package Name">heimdal (used in libkrb5-26-heimdal, libroken18-heimdal, libgssapi3-heimdal, libwind0-heimdal, libhcrypto4-heimdal, libasn1-8-heimdal, libheimbase1-heimdal, libheimntlm0-heimdal, libhx509-5-heimdal)</value><value key="Package Version">7.5.0+dfsg-1</value><value key="Package License" /><value key="Vendor Status">needed</value><value key="Risk Factors">Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">(CIS_Docker_CE_v1.1.0 - 4.1) Image should be created with a non-root user</description><location path="" type="url" /><tool category="CIS" code="41" name="Twistlock" /><host><hostname>localhost</hostname><operating-system>Ubuntu-bionic</operating-system></host><metadata><value key="CVSS">0.00</value><value key="Package Name" /><value key="Package Version" /><value key="Package License" /><value key="Vendor Status" /><value key="Risk Factors" /></metadata></finding><finding severity="low" type="Network"><description format="plain-text">chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="2781" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">coreutils</value><value key="Package Version">8.26-3</value><value key="Package 
License">GPL-3</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12448" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12449" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor 
Status">open</value><value key="Risk Factors">Attack complexity: low, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12450" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12451" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The 
bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12452" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12453" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha 
file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12454" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12455" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12456" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value 
key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12457" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12458" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description 
format="plain-text">The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12459" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The elf_read_notes function in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12799" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application 
crash) via a malformed tekhex binary.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12967" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="13710" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.</description><location 
path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="13757" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="14128" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="14129" year="2017" 
/></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="14130" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during "readelf -a" execution.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="14333" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package 
Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="14529" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="14729" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package 
Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="14745" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="14930" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value 
key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="14932" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="14933" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of 
service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="14934" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="14938" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve 
sequence-number="14939" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Exploit exists</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="14940" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="14974" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value 
key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="15020" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="15021" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value 
key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="15022" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="15023" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk 
Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="15024" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="15025" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote 
attackers to cause a denial of service (memory leak) via a crafted ELF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="15225" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="15938" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, 
process_archive_index_and_symbols, and setup_archive functions.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="15996" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="16826" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve 
sequence-number="16827" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="16828" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="16829" year="2017" 
/></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="16830" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="16831" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value 
key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="16832" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="17080" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package 
Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="17121" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="17122" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor 
Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="17123" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="17124" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, 
DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="17125" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="17126" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the 
byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9038" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9039" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9040" year="2017" 
/></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9041" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9042" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk 
Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">readelf.c in GNU Binutils 2017-04-12 has a \"shift exponent too large for type unsigned long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9043" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9044" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted 
binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9742" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Exploit exists</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9743" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during 
\"objdump -D\" execution.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9744" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9745" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of rae insns printing for this file during \"objdump -D\" execution.</description><location path="" type="url" /><tool 
category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9746" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Exploit exists</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. NOTE: this may be related to a compiler bug.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9747" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Exploit exists</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, might allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution. 
NOTE: this may be related to a compiler bug.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9748" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Exploit exists</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9749" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Exploit exists</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.</description><location path="" type="url" /><tool category="OS" code="46" 
name="Twistlock" /><cves><cve sequence-number="9750" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Exploit exists</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9751" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during \"objdump -D\" execution.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve 
sequence-number="9752" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9753" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.</description><location path="" type="url" /><tool 
category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9754" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of registers for bnd mode, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9755" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during \"objdump -D\" execution.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9756" year="2017" 
/></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Exploit exists</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9954" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9955" year="2017" 
/></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="10372" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="10373" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value 
key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="10534" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a \"SECTION\" type that has a \"0\" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="10535" year="2018" 
/></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="6323" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Exploit exists, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In GNU Binutils 2.30, there\'s an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. 
A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="6543" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The bfd_get_debug_link_info_1 function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) via a crafted ELF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="6759" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large 
alignment.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="6872" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="7208" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.</description><location path="" type="url" 
/><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="7568" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="7569" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve 
sequence-number="7570" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="7642" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="7643" year="2018" 
/></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="8945" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">binutils</value><value key="Package Version">2.28-5</value><value key="Package License">GPL</value><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user\'s process (e.g., a system backup running as root).</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="20482" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">4.70</value><value key="Package 
Name">tar</value><value key="Package Version">1.29b-1.1</value><value key="Package License">GPL-3</value><value key="Vendor Status">open</value><value key="Risk Factors">DoS, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9318" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">libxml2</value><value key="Package Version">2.9.4+dfsg1-2.2+deb9u2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="16932" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">libxml2</value><value key="Package Version">2.9.4+dfsg1-2.2+deb9u2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The xz_head function in 
xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="18258" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">libxml2</value><value key="Package Version">2.9.4+dfsg1-2.2+deb9u2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="5130" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">libxml2</value><value key="Package Version">2.9.4+dfsg1-2.2+deb9u2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Medium severity</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. 
NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser."</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="5969" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">4.70</value><value key="Package Name">libxml2</value><value key="Package Version">2.9.4+dfsg1-2.2+deb9u2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">DoS</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="8872" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.10</value><value key="Package Name">libxml2</value><value key="Package Version">2.9.4+dfsg1-2.2+deb9u2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. 
Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="14404" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">libxml2</value><value key="Package Version">2.9.4+dfsg1-2.2+deb9u2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="14567" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">libxml2</value><value key="Package Version">2.9.4+dfsg1-2.2+deb9u2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A heap-based buffer overflow exists in Info-Zip UnZip version &lt;= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code 
execution.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="1000035" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">unzip</value><value key="Package Version">6.0-21</value><value key="Package License" /><value key="Vendor Status">fixed in 6.0-21+deb9u1</value><value key="Risk Factors">Attack complexity: low, DoS, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="11068" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">libxslt (used in libxslt1.1)</value><value key="Package Version">1.1.29-2.1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, High severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">In all versions of AppArmor mount rules are accidentally widened when compiled.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="1585" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package 
Name">apparmor (used in libapparmor1)</value><value key="Package Version">2.11.0-3+deb9u2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="2422" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">3.10</value><value key="Package Name">openjdk-8 (used in openjdk-8-jre, openjdk-8-jre-headless)</value><value key="Package Version">8u181-b13-2~deb9u1</value><value key="Package License" /><value key="Vendor Status">fixed in 8u212-b01-1~deb9u1</value><value key="Risk Factors">Attack vector: network, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="2602" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">openjdk-8 (used in openjdk-8-jre, openjdk-8-jre-headless)</value><value key="Package Version">8u181-b13-2~deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="2684" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">openjdk-8 (used in openjdk-8-jre, openjdk-8-jre-headless)</value><value key="Package Version">8u181-b13-2~deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack vector: network, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="2698" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.10</value><value key="Package Name">openjdk-8 (used in openjdk-8-jre, openjdk-8-jre-headless)</value><value key="Package Version">8u181-b13-2~deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack vector: network, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">GnuPG version 2.1.12 - 2.2.11 contains a Cross Site Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appears to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. 
This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="1000858" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">gnupg2 (used in gpgv, dirmngr, gnupg-agent, gnupg)</value><value key="Package Version">2.1.18-8~deb9u3</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9234" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">gnupg2 (used in gpgv, dirmngr, gnupg-agent, gnupg)</value><value key="Package Version">2.1.18-8~deb9u3</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve 
sequence-number="9928" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">gst-plugins-base1.0 (used in gstreamer1.0-x, gstreamer1.0-plugins-base, libgstreamer-plugins-base1.0-0)</value><value key="Package Version">1.10.4-1</value><value key="Package License" /><value key="Vendor Status">fixed in 1.10.4-1+deb9u1</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Has fix, Medium severity, Recent vulnerability, Remote execution</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="10228" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">glibc (used in libc-bin, multiarch-support, libc6)</value><value key="Package Version">2.24-11+deb9u3</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack vector: network, DoS</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.</description><location path="" type="url" /><tool category="OS" 
code="46" name="Twistlock" /><cves><cve sequence-number="10739" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.30</value><value key="Package Name">glibc (used in libc-bin, multiarch-support, libc6)</value><value key="Package Version">2.24-11+deb9u3</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Medium severity</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="1000408" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">glibc (used in libc-bin, multiarch-support, libc6)</value><value key="Package Version">2.24-11+deb9u3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.24-11+deb9u4</value><value key="Risk Factors">Attack complexity: low, Has fix, High severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. 
Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="1000409" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.00</value><value key="Package Name">glibc (used in libc-bin, multiarch-support, libc6)</value><value key="Package Version">2.24-11+deb9u3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.24-11+deb9u4</value><value key="Risk Factors">Exploit exists, Has fix, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12132" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">glibc (used in libc-bin, multiarch-support, libc6)</value><value key="Package Version">2.24-11+deb9u3</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack vector: network, Medium severity</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.</description><location path="" type="url" /><tool category="OS" 
code="46" name="Twistlock" /><cves><cve sequence-number="15670" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">glibc (used in libc-bin, multiarch-support, libc6)</value><value key="Package Version">2.24-11+deb9u3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.24-11+deb9u4</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Has fix, High severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="15671" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">glibc (used in libc-bin, multiarch-support, libc6)</value><value key="Package Version">2.24-11+deb9u3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.24-11+deb9u4</value><value key="Risk Factors">Attack vector: network, DoS, Has fix, Medium severity</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="15804" year="2017" 
/></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">glibc (used in libc-bin, multiarch-support, libc6)</value><value key="Package Version">2.24-11+deb9u3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.24-11+deb9u4</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Has fix, High severity</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="16997" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">glibc (used in libc-bin, multiarch-support, libc6)</value><value key="Package Version">2.24-11+deb9u3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.24-11+deb9u4</value><value key="Risk Factors">Attack complexity: low, Has fix, High severity</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 
2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="18269" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">glibc (used in libc-bin, multiarch-support, libc6)</value><value key="Package Version">2.24-11+deb9u3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.24-11+deb9u4</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Has fix, High severity</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="1000001" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">glibc (used in libc-bin, multiarch-support, libc6)</value><value key="Package Version">2.24-11+deb9u3</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Exploit exists, High severity, Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 
2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="11236" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">glibc (used in libc-bin, multiarch-support, libc6)</value><value key="Package Version">2.24-11+deb9u3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.24-11+deb9u4</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Has fix, High severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="11237" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">glibc (used in libc-bin, multiarch-support, libc6)</value><value key="Package Version">2.24-11+deb9u3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.24-11+deb9u4</value><value key="Risk Factors">Attack complexity: low, Exploit exists, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">An integer overflow in the implementation of the posix_memalign in memalign functions in 
the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="6485" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">glibc (used in libc-bin, multiarch-support, libc6)</value><value key="Package Version">2.24-11+deb9u3</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, High severity, Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="6551" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">glibc (used in libc-bin, multiarch-support, libc6)</value><value key="Package Version">2.24-11+deb9u3</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, High severity, Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a 
heap-based buffer over-read via an attempted case-insensitive regular-expression match.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9169" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">glibc (used in libc-bin, multiarch-support, libc6)</value><value key="Package Version">2.24-11+deb9u3</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, High severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12678" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">taglib (used in libtag1v5-vanilla, libtag1v5)</value><value key="Package Version">1.11.1+dfsg.1-0.1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" 
/><cves><cve sequence-number="11439" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">taglib (used in libtag1v5-vanilla, libtag1v5)</value><value key="Package Version">1.11.1+dfsg.1-0.1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="19840" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">wavpack (used in libwavpack1)</value><value key="Package Version">5.0.0-2+deb9u2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="19841" year="2018" 
/></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">wavpack (used in libwavpack1)</value><value key="Package Version">5.0.0-2+deb9u2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="11498" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">wavpack (used in libwavpack1)</value><value key="Package Version">5.0.0-2+deb9u2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. 
This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12424" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">shadow (used in login, passwd)</value><value key="Package Version">1:4.4-4.1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, High severity</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. 
This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="7169" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.30</value><value key="Package Name">shadow (used in login, passwd)</value><value key="Package Version">1:4.4-4.1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="6328" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.10</value><value key="Package Name">libexif (used in libexif12)</value><value key="Package Version">0.6.21-2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or 
possibly information disclosure.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="7544" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.10</value><value key="Package Name">libexif (used in libexif12)</value><value key="Package Version">0.6.21-2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="20030" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">libexif (used in libexif12)</value><value key="Package Version">0.6.21-2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, High severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">nghttp2 version &gt;= 1.10.0 and nghttp2 &lt;= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. 
This vulnerability appears to have been fixed in &gt;= 1.31.1.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="1000168" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">nghttp2 (used in libnghttp2-14)</value><value key="Package Version">1.18.1-1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC/stream_decoder.c) in FLAC version 1.3.2 can be exploited to cause a memory leak via a specially crafted FLAC file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="6888" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">flac (used in libflac8)</value><value key="Package Version">1.3.2-1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="2779" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package 
Name">util-linux (used in mount, libsmartcols1, libuuid1, libfdisk1, bsdutils, libmount1, libblkid1, util-linux)</value><value key="Package Version">2.29.2-1+deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, High severity</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="8834" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">libcroco (used in libcroco3)</value><value key="Package Version">0.6.11-3</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="8871" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">libcroco (used in libcroco3)</value><value key="Package Version">0.6.11-3</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Exploit exists</value></metadata></finding><finding 
severity="low" type="Network"><description format="plain-text">In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax. The product proceeds to the dereference code path even after a "dubious character `[' in name or alias field" detection.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="10754" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">ncurses (used in ncurses-bin, libncursesw5, libncurses5, ncurses-base, libtinfo5)</value><value key="Package Version">6.0+20161126-1+deb9u2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. 
The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="19211" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">ncurses (used in ncurses-bin, libncursesw5, libncurses5, ncurses-base, libtinfo5)</value><value key="Package Version">6.0+20161126-1+deb9u2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="3855" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">libssh2 (used in libssh2-1)</value><value key="Package Version">1.7.0-1</value><value key="Package License" /><value key="Vendor Status">fixed in 1.7.0-1+deb9u1</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Has fix, High severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. 
A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="3856" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">libssh2 (used in libssh2-1)</value><value key="Package Version">1.7.0-1</value><value key="Package License" /><value key="Vendor Status">fixed in 1.7.0-1+deb9u1</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="3857" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">libssh2 (used in libssh2-1)</value><value key="Package Version">1.7.0-1</value><value key="Package License" /><value key="Vendor Status">fixed in 1.7.0-1+deb9u1</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="3858" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.10</value><value key="Package Name">libssh2 (used in libssh2-1)</value><value key="Package Version">1.7.0-1</value><value key="Package License" /><value key="Vendor Status">fixed in 1.7.0-1+deb9u1</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="3859" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.10</value><value key="Package Name">libssh2 (used in libssh2-1)</value><value key="Package Version">1.7.0-1</value><value key="Package License" /><value key="Vendor Status">fixed in 1.7.0-1+deb9u1</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="3860" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.10</value><value key="Package Name">libssh2 (used in libssh2-1)</value><value key="Package Version">1.7.0-1</value><value key="Package License" /><value key="Vendor Status">fixed in 1.7.0-1+deb9u1</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="3861" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.10</value><value key="Package Name">libssh2 (used in libssh2-1)</value><value key="Package Version">1.7.0-1</value><value key="Package License" /><value key="Vendor Status">fixed in 1.7.0-1+deb9u1</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. 
A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="3862" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.10</value><value key="Package Name">libssh2 (used in libssh2-1)</value><value key="Package Version">1.7.0-1</value><value key="Package License" /><value key="Vendor Status">fixed in 1.7.0-1+deb9u1</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. 
This value is used as an index to copy memory causing in an out of bounds memory write error.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="3863" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">libssh2 (used in libssh2-1)</value><value key="Package Version">1.7.0-1</value><value key="Package License" /><value key="Vendor Status">fixed in 1.7.0-1+deb9u1</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="16428" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">glib2.0 (used in libglib2.0-0)</value><value key="Package Version">2.50.3-2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="16429" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">glib2.0 
(used in libglib2.0-0)</value><value key="Package Version">2.50.3-2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="7475" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">cairo (used in libcairo2, libcairo-gobject2)</value><value key="Package Version">1.14.8-1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9814" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">cairo (used in libcairo2, libcairo-gobject2)</value><value key="Package Version">1.14.8-1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">cairo through 1.15.14 has an out-of-bounds 
stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="18064" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">cairo (used in libcairo2, libcairo-gobject2)</value><value key="Package Version">1.14.8-1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="6461" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">cairo (used in libcairo2, libcairo-gobject2)</value><value key="Package Version">1.14.8-1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in cairo 1.16.0. 
There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="6462" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">cairo (used in libcairo2, libcairo-gobject2)</value><value key="Package Version">1.14.8-1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12384" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">nss (used in libnss3)</value><value key="Package Version">2:3.26.2-1.1+deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack vector: network, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. 
This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12404" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">nss (used in libnss3)</value><value key="Package Version">2:3.26.2-1.1+deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack vector: network, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">sharplibzip before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="1002208" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">mono (used in libmono-system-management4.0-cil, libmono-system-design4.0-cil, libmono-system-identitymodel4.0-cil, libmono-system-servicemodel-routing4.0-cil, libmono-system-net4.0-cil, mono-4.0-service, libmono-debugger-soft4.0a-cil, libmono-microsoft-build4.0-cil, libmono-microsoft-build-framework4.0-cil, mono-gac, libmono-system-data4.0-cil, libmono-csharp4.0c-cil, libmono-2.0-1, libmono-system-numerics-vectors4.0-cil, libmonosgen-2.0-1, libmono-relaxng4.0-cil, libmono-system-runtime-durableinstancing4.0-cil, libmono-i18n-other4.0-cil, mono-runtime-common, libmono-compilerservices-symbolwriter4.0-cil, 
libmono-system-web-webpages-razor2.0-cil, monodoc-base, ca-certificates-mono, libmono-cscompmgd0.0-cil, libmono-system-deployment4.0-cil, libmono-management4.0-cil, libmono-system-configuration-install4.0-cil, libmono-system-web-extensions4.0-cil, libmono-system-core4.0-cil, libmono-system-ldap-protocols4.0-cil, libmono-system-transactions4.0-cil, libmono-system-reactive-core2.2-cil, libmono-system-reactive-windows-threading2.2-cil, libmono-system-componentmodel-dataannotations4.0-cil, libmono-system-runtime-caching4.0-cil, libmono-tasklets4.0-cil, libmono-system-io-compression-filesystem4.0-cil, libmono-system-reactive-windows-forms2.2-cil, libmono-i18n4.0-all, libmono-microsoft-build-utilities-v4.0-4.0-cil, libmono-system-drawing4.0-cil, libmono-system-data-linq4.0-cil, libmono-system-workflow-activities4.0-cil, libmono-data-tds4.0-cil, libmono-system-web-routing4.0-cil, libmono-cecil-private-cil, libmono-system-drawing-design4.0-cil, libmono-system-net-http-webrequest4.0-cil, libmono-system-windows-forms-datavisualization4.0a-cil, libmono-system-servicemodel4.0a-cil, libmono-cairo4.0-cil, libmono-system-servicemodel-discovery4.0-cil, libmono-microsoft-build-engine4.0-cil, mono-runtime-sgen, libmono-system-web-http-webhost4.0-cil, libmono-system-web-regularexpressions4.0-cil, libmonoboehm-2.0-1, libmono-system-xml-linq4.0-cil, libmono-system-messaging4.0-cil, libmono-system-net-http-formatting4.0-cil, libmono-system-threading-tasks-dataflow4.0-cil, monodoc-manual, libmono-i18n-west4.0-cil, libmono-system-reactive-interfaces2.2-cil, libmono-system-web-mobile4.0-cil, libmono-system-xaml4.0-cil, mono-complete, libmono-system-data-datasetextensions4.0-cil, libmono-system-reactive-experimental2.2-cil, libmono-system-servicemodel-activation4.0-cil, libmono-db2-1.0-cil, libmono-system-web-http4.0-cil, mono-4.0-gac, libmono-system-data-services-client4.0-cil, libmono-system4.0-cil, mono-csharp-shell, libmono-system-ldap4.0-cil, libmono-custommarshalers4.0-cil, 
libmono-system-reactive-providers2.2-cil, libmono-peapi4.0a-cil, libmono-system-runtime-serialization-formatters-soap4.0-cil, mono-jay, libmono-system-json-microsoft4.0-cil, libmono-system-xml4.0-cil, libmono-system-windows4.0-cil, libmono-security4.0-cil, libmono-system-runtime-interopservices-runtimeinformation4.0-cil, libmono-messaging4.0-cil, libmono-system-web-extensions-design4.0-cil, libmono-posix4.0-cil, libmono-simd4.0-cil, mono-mcs, libmono-2.0-dev, libmono-rabbitmq4.0-cil, libmono-system-runtime4.0-cil, libmono-xbuild-tasks4.0-cil, libmono-webbrowser4.0-cil, libmono-webmatrix-data4.0-cil, libmono-sqlite4.0-cil, libmono-system-componentmodel-composition4.0-cil, libmono-ldap4.0-cil, libmono-messaging-rabbitmq4.0-cil, libmono-system-enterpriseservices4.0-cil, libmono-system-runtime-serialization4.0-cil, libmono-i18n4.0-cil, libmono-accessibility4.0-cil, libmono-system-web-applicationservices4.0-cil, libmono-system-reactive-debugger2.2-cil, libmono-microsoft-web-infrastructure1.0-cil, libmono-system-workflow-runtime4.0-cil, libmono-codecontracts4.0-cil, libmono-system-configuration4.0-cil, libmono-system-reactive-platformservices2.2-cil, libmono-microsoft-build-tasks-v4.0-4.0-cil, libmono-system-identitymodel-selectors4.0-cil, libmono-sharpzip4.84-cil, libmono-i18n-mideast4.0-cil, libmono-system-web-webpages-deployment2.0-cil, libmono-system-web4.0-cil, libmono-parallel4.0-cil, libmono-system-web-razor2.0-cil, libmono-microsoft-visualc10.0-cil, libmono-i18n-rare4.0-cil, libmono-system-security4.0-cil, mono-devel, libmono-system-web-webpages2.0-cil, libmono-system-windows-forms4.0-cil, libmono-system-data-services4.0-cil, libmonosgen-2.0-dev, libmono-system-data-entity4.0-cil, libmono-microsoft-csharp4.0-cil, libmono-system-servicemodel-internals0.0-cil, libmono-smdiagnostics0.0-cil, libmono-system-workflow-componentmodel4.0-cil, libmono-system-json4.0-cil, libmono-system-serviceprocess4.0-cil, libmono-system-web-http-selfhost4.0-cil, mono-xbuild, 
libmono-http4.0-cil, libmono-system-web-mvc3.0-cil, mono-utils, libmono-system-reactive-linq2.2-cil, libmono-system-reactive-runtime-remoting2.2-cil, libmono-system-servicemodel-web4.0-cil, libmono-system-net-http4.0-cil, libmono-corlib4.5-cil, libmono-cil-dev, libmono-system-web-abstractions4.0-cil, libmono-system-xml-serialization4.0-cil, libmono-system-reactive-observable-aliases0.0-cil, libmono-i18n-cjk4.0-cil, libmono-system-dynamic4.0-cil, libmono-system-web-dynamicdata4.0-cil, libmono-system-numerics4.0-cil, mono-runtime, libmono-system-io-compression4.0-cil, libmono-system-reflection-context4.0-cil, libmono-windowsbase4.0-cil, libmono-system-web-services4.0-cil, libmono-oracle4.0-cil, libmono-profiler)</value><value key="Package Version">4.6.2.7+dfsg-1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12613" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.10</value><value key="Package Name">apr (used in libapr1)</value><value key="Package Version">1.5.2-5</value><value key="Package License" /><value key="Vendor Status">open</value><value 
key="Risk Factors">Attack complexity: low, DoS</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="1049" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">systemd (used in udev, libsystemd0, libpam-systemd, libudev1, systemd)</value><value key="Package Version">232-25+deb9u9</value><value key="Package License" /><value key="Vendor Status">fixed in 232-25+deb9u10</value><value key="Risk Factors">Attack vector: network, DoS, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. 
Affected releases are systemd versions up to and including 239.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="15686" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">systemd (used in udev, libsystemd0, libpam-systemd, libudev1, systemd)</value><value key="Package Version">232-25+deb9u9</value><value key="Package License" /><value key="Vendor Status">fixed in 232-25+deb9u10</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Exploit exists, Has fix, High severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. 
Versions before v237 are vulnerable.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="16888" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">4.70</value><value key="Package Name">systemd (used in udev, libsystemd0, libpam-systemd, libudev1, systemd)</value><value key="Package Version">232-25+deb9u9</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="6954" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">systemd (used in udev, libsystemd0, libpam-systemd, libudev1, systemd)</value><value key="Package Version">232-25+deb9u9</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. 
It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="3842" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.00</value><value key="Package Name">systemd (used in udev, libsystemd0, libpam-systemd, libudev1, systemd)</value><value key="Package Version">232-25+deb9u9</value><value key="Package License" /><value key="Vendor Status">fixed in 232-25+deb9u11</value><value key="Risk Factors">Exploit exists, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="3843" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">systemd (used in udev, libsystemd0, libpam-systemd, libudev1, systemd)</value><value key="Package Version">232-25+deb9u9</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. 
A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="3844" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">systemd (used in udev, libsystemd0, libpam-systemd, libudev1, systemd)</value><value key="Package Version">232-25+deb9u9</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="18248" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.30</value><value key="Package Name">cups (used in libcups2)</value><value key="Package Version">2.2.1-8+deb9u2</value><value key="Package License" /><value key="Vendor Status">fixed in 2.2.1-8+deb9u3</value><value key="Risk Factors">Attack vector: network, Has fix</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. 
It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="16612" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">wayland (used in libwayland-server0, libwayland-client0, libwayland-cursor0)</value><value key="Package Version">1.12.0-1</value><value key="Package License" /><value key="Vendor Status">fixed in 1.12.0-1+deb9u1</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Has fix, Medium severity</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="1152" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">libjpeg-turbo (used in libjpeg62-turbo)</value><value key="Package Version">1:1.5.1-2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries.</description><location path="" type="url" 
/><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="14498" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">libjpeg-turbo (used in libjpeg62-turbo)</value><value key="Package Version">1:1.5.1-2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="20544" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">libcaca (used in libcaca0)</value><value key="Package Version">0.99.beta19-2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="20546" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.10</value><value key="Package Name">libcaca (used in libcaca0)</value><value key="Package Version">0.99.beta19-2</value><value key="Package License" /><value key="Vendor 
Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="20547" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.10</value><value key="Package Name">libcaca (used in libcaca0)</value><value key="Package Version">0.99.beta19-2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="20549" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">libcaca (used in libcaca0)</value><value key="Package Version">0.99.beta19-2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve 
sequence-number="7697" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">libsamplerate (used in libsamplerate0)</value><value key="Package Version">0.1.8-8</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Medium severity</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="7317" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.30</value><value key="Package Name">libpng1.6 (used in libpng16-16)</value><value key="Package Version">1.6.28-1</value><value key="Package License" /><value key="Vendor Status">fixed in 1.6.28-1+deb9u1</value><value key="Risk Factors">Attack vector: network, Has fix, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="11464" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">librsvg (used in librsvg2-common, librsvg2-2)</value><value key="Package Version">2.40.16-1</value><value key="Package License" /><value key="Vendor 
Status">open</value><value key="Risk Factors">Attack complexity: low, Medium severity</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="15853" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">libxkbcommon (used in libxkbcommon0)</value><value key="Package Version">0.7.1-2~deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="15854" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">libxkbcommon (used in libxkbcommon0)</value><value key="Package Version">0.7.1-2~deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used 
by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="15855" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">libxkbcommon (used in libxkbcommon0)</value><value key="Package Version">0.7.1-2~deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="15856" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">libxkbcommon (used in libxkbcommon0)</value><value key="Package Version">0.7.1-2~deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.</description><location path="" type="url" /><tool category="OS" 
code="46" name="Twistlock" /><cves><cve sequence-number="15857" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">libxkbcommon (used in libxkbcommon0)</value><value key="Package Version">0.7.1-2~deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="15858" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">libxkbcommon (used in libxkbcommon0)</value><value key="Package Version">0.7.1-2~deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="15859" year="2018" 
/></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">libxkbcommon (used in libxkbcommon0)</value><value key="Package Version">0.7.1-2~deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="15861" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">libxkbcommon (used in libxkbcommon0)</value><value key="Package Version">0.7.1-2~deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="15862" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">libxkbcommon (used in 
libxkbcommon0)</value><value key="Package Version">0.7.1-2~deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="15863" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">libxkbcommon (used in libxkbcommon0)</value><value key="Package Version">0.7.1-2~deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="15864" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">libxkbcommon (used in libxkbcommon0)</value><value key="Package Version">0.7.1-2~deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value 
key="Risk Factors">Attack complexity: low, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="17942" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">tiff (used in libtiff5)</value><value key="Package Version">4.0.8-2+deb9u4</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12900" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">tiff (used in libtiff5)</value><value key="Package Version">4.0.8-2+deb9u4</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service 
through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="17000" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">tiff (used in libtiff5)</value><value key="Package Version">4.0.8-2+deb9u4</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="17100" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">tiff (used in libtiff5)</value><value key="Package Version">4.0.8-2+deb9u4</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="19210" year="2018" 
/></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">tiff (used in libtiff5)</value><value key="Package Version">4.0.8-2+deb9u4</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted tiff file. This is different from CVE-2018-12900.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="7663" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">tiff (used in libtiff5)</value><value key="Package Version">4.0.8-2+deb9u4</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. 
In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versio</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="1543" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.40</value><value key="Package Name">openssl (used in libssl1.1, openssl)</value><value key="Package Version">1.1.0j-1~deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack vector: network, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. 
This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="11555" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">wpa (used in wpasupplicant)</value><value key="Package Version">2:2.4-1+deb9u2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack vector: network, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. 
Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9494" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">wpa (used in wpasupplicant)</value><value key="Package Version">2:2.4-1+deb9u2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack vector: network, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. 
Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9495" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">3.70</value><value key="Package Name">wpa (used in wpasupplicant)</value><value key="Package Version">2:2.4-1+deb9u2</value><value key="Package License" /><value key="Vendor Status">fixed in 2:2.4-1+deb9u3</value><value key="Risk Factors">Attack vector: network, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. 
Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9496" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">wpa (used in wpasupplicant)</value><value key="Package Version">2:2.4-1+deb9u2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. 
Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9497" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.10</value><value key="Package Name">wpa (used in wpasupplicant)</value><value key="Package Version">2:2.4-1+deb9u2</value><value key="Package License" /><value key="Vendor Status">fixed in 2:2.4-1+deb9u3</value><value key="Risk Factors">Attack vector: network, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. 
Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9498" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.10</value><value key="Package Name">wpa (used in wpasupplicant)</value><value key="Package Version">2:2.4-1+deb9u2</value><value key="Package License" /><value key="Vendor Status">fixed in 2:2.4-1+deb9u3</value><value key="Risk Factors">Attack vector: network, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. 
Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9499" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.10</value><value key="Package Name">wpa (used in wpasupplicant)</value><value key="Package Version">2:2.4-1+deb9u2</value><value key="Package License" /><value key="Vendor Status">fixed in 2:2.4-1+deb9u3</value><value key="Risk Factors">Attack vector: network, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="12562" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">libsndfile (used in libsndfile1)</value><value key="Package Version">1.0.27-3</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, High severity</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve 
sequence-number="14245" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.10</value><value key="Package Name">libsndfile (used in libsndfile1)</value><value key="Package Version">1.0.27-3</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="14246" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.10</value><value key="Package Name">libsndfile (used in libsndfile1)</value><value key="Package Version">1.0.27-3</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="14634" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">libsndfile (used in libsndfile1)</value><value key="Package Version">1.0.27-3</value><value key="Package License" /><value key="Vendor 
Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14245.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="17456" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">libsndfile (used in libsndfile1)</value><value key="Package Version">1.0.27-3</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14246.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="17457" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">libsndfile (used in libsndfile1)</value><value key="Package Version">1.0.27-3</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an 
out-of-bounds read memory access via a specially crafted AIFF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="6892" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">libsndfile (used in libsndfile1)</value><value key="Package Version">1.0.27-3</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Medium severity</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="19661" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">libsndfile (used in libsndfile1)</value><value key="Package Version">1.0.27-3</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in libsndfile 1.0.28. 
There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="19662" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.10</value><value key="Package Name">libsndfile (used in libsndfile1)</value><value key="Package Version">1.0.27-3</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">There is a heap-based buffer over-read at wav.c in wav_write_header in libsndfile 1.0.28 that will cause a denial of service.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="19758" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">libsndfile (used in libsndfile1)</value><value key="Package Version">1.0.27-3</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ttf file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="7999" year="2018" 
/></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">graphite2 (used in libgraphite2-3)</value><value key="Package Version">1.3.10-1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0-&gt;9.8.8, 9.9.0-&gt;9.9.13, 9.10.0-&gt;9.10.8, 9.11.0-&gt;9.11.4, 9.12.0-&gt;9.12.2, 9.13.0-&gt;9.13.2.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="5740" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">bind9 (used in liblwres141, libisccfg140, libdns162, libbind9-140, libisccc140, bind9-host, libisc160)</value><value key="Package Version">1:9.10.3.dfsg.P4-12.3+deb9u4</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote 
attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="20346" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.10</value><value key="Package Name">sqlite3 (used in libsqlite3-0)</value><value key="Package Version">3.16.2-5+deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack vector: network, Medium severity, Recent vulnerability, Remote execution</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="20505" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">sqlite3 (used in libsqlite3-0)</value><value key="Package Version">3.16.2-5+deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote 
attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="20506" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.10</value><value key="Package Name">sqlite3 (used in libsqlite3-0)</value><value key="Package Version">3.16.2-5+deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack vector: network, Medium severity, Recent vulnerability, Remote execution</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="8740" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">sqlite3 (used in libsqlite3-0)</value><value key="Package Version">3.16.2-5+deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. 
This is related to ext/fts5/fts5_hash.c.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9936" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">sqlite3 (used in libsqlite3-0)</value><value key="Package Version">3.16.2-5+deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="9937" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">sqlite3 (used in libsqlite3-0)</value><value key="Package Version">3.16.2-5+deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="14160" year="2017" 
/></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">libvorbis (used in libvorbis0a, libvorbisenc2)</value><value key="Package Version">1.3.5-4+deb9u2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="10392" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">libvorbis (used in libvorbis0a, libvorbisenc2)</value><value key="Package Version">1.3.5-4+deb9u2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="10393" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">libvorbis (used in libvorbis0a, libvorbisenc2)</value><value key="Package 
Version">1.3.5-4+deb9u2</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). 
Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="1559" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">openssl1.0 (used in libssl1.0.2)</value><value key="Package Version">1.0.2q-1~deb9u1</value><value key="Package License" /><value key="Vendor Status">fixed in 1.0.2r-1~deb9u1</value><value key="Risk Factors">Attack vector: network, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="14062" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">libidn (used in libidn11)</value><value key="Package Version">1.33-1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, High severity</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. 
An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="16869" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.70</value><value key="Package Name">nettle (used in libhogweed4, libnettle6)</value><value key="Package Version">3.3-1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="3977" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">giflib (used in libgif7)</value><value key="Package Version">5.1.4-0.4</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. 
This will lead to a denial of service or possibly unspecified other impact.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="11489" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">giflib (used in libgif7)</value><value key="Package Version">5.1.4-0.4</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private-&gt;RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="11490" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.80</value><value key="Package Name">giflib (used in libgif7)</value><value key="Package Version">5.1.4-0.4</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. 
The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="16890" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">curl (used in libcurl3, curl)</value><value key="Package Version">7.52.1-5+deb9u8</value><value key="Package License" /><value key="Vendor Status">fixed in 7.52.1-5+deb9u9</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. 
The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="3822" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">curl (used in libcurl3, curl)</value><value key="Package Version">7.52.1-5+deb9u8</value><value key="Package License" /><value key="Vendor Status">fixed in 7.52.1-5+deb9u9</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Has fix, High severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. 
The read contents will not be returned to the caller.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="3823" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">curl (used in libcurl3, curl)</value><value key="Package Version">7.52.1-5+deb9u8</value><value key="Package License" /><value key="Vendor Status">fixed in 7.52.1-5+deb9u9</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="2568" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.80</value><value key="Package Name">policykit-1 (used in libpolkit-gobject-1-0)</value><value key="Package Version">0.105-18+deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors" /></metadata></finding><finding severity="low" type="Network"><description format="plain-text">A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. 
This may result in a local DoS and information disclosure.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="1116" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.10</value><value key="Package Name">policykit-1 (used in libpolkit-gobject-1-0)</value><value key="Package Version">0.105-18+deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="6133" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.70</value><value key="Package Name">policykit-1 (used in libpolkit-gobject-1-0)</value><value key="Package Version">0.105-18+deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Medium severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="11462" year="2017" 
/></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">krb5 (used in libkrb5support0, libk5crypto3, libkrb5-3, libgssapi-krb5-2)</value><value key="Package Version">1.15-1+deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="20217" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.30</value><value key="Package Name">krb5 (used in libkrb5support0, libk5crypto3, libkrb5-3, libgssapi-krb5-2)</value><value key="Package Version">1.15-1+deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack vector: network, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. 
The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="5710" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">krb5 (used in libkrb5support0, libk5crypto3, libkrb5-3, libgssapi-krb5-2)</value><value key="Package Version">1.15-1+deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="5729" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">4.70</value><value key="Package Name">krb5 (used in libkrb5support0, libk5crypto3, libkrb5-3, libgssapi-krb5-2)</value><value key="Package Version">1.15-1+deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" 
type="Network"><description format="plain-text">MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="5730" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">3.80</value><value key="Package Name">krb5 (used in libkrb5support0, libk5crypto3, libkrb5-3, libgssapi-krb5-2)</value><value key="Package Version">1.15-1+deb9u1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. 
An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="16868" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.60</value><value key="Package Name">gnutls28 (used in libgnutls30)</value><value key="Package Version">3.5.8-5+deb9u4</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="3829" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">gnutls28 (used in libgnutls30)</value><value key="Package Version">3.5.8-5+deb9u4</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.</description><location path="" type="url" 
/><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="3836" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">gnutls28 (used in libgnutls30)</value><value key="Package Version">3.5.8-5+deb9u4</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="16062" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">elfutils (used in libelf1)</value><value key="Package Version">0.168-1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="16402" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">elfutils (used 
in libelf1)</value><value key="Package Version">0.168-1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="16403" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">elfutils (used in libelf1)</value><value key="Package Version">0.168-1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="18310" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">elfutils (used in libelf1)</value><value key="Package Version">0.168-1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="18520" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">elfutils (used in libelf1)</value><value key="Package Version">0.168-1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="18521" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">elfutils (used in libelf1)</value><value key="Package Version">0.168-1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="7149" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">elfutils (used in libelf1)</value><value key="Package Version">0.168-1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="7150" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">elfutils (used in libelf1)</value><value key="Package Version">0.168-1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. 
Crafted elf input causes a segmentation fault, leading to denial of service (program crash).</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="7664" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">elfutils (used in libelf1)</value><value key="Package Version">0.168-1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.</description><location path="" type="url" /><tool category="OS" code="46" name="Twistlock" /><cves><cve sequence-number="7665" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.50</value><value key="Package Name">elfutils (used in libelf1)</value><value key="Package Version">0.168-1</value><value key="Package License" /><value key="Vendor Status">open</value><value key="Risk Factors">Attack complexity: low, DoS, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with 
GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="10237" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">com.google.guava_guava</value><value key="Package Version">19.0</value><value key="Package License" /><value key="Vendor Status">fixed in 24.1.1</value><value key="Risk Factors">Attack vector: network, DoS, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="critical" type="Network"><description format="plain-text">Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="1000031" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">commons-fileupload_commons-fileupload</value><value key="Package Version">1.3.1</value><value key="Package License" /><value key="Vendor Status">fixed in 1.3.3</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Critical severity, Has fix, Remote execution</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation 
without appropriate checks on what a client has sent and whether the data size is reasonable.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="10237" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">com.google.guava_guava</value><value key="Package Version">18.0</value><value key="Package License" /><value key="Vendor Status">fixed in 24.1.1</value><value key="Risk Factors">Attack vector: network, DoS, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="0199" year="2019" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.50</value><value key="Package Name">apache tomcat</value><value key="Package Version">8.5.37</value><value key="Package License" /><value key="Vendor Status">fixed in 9.0.16, 8.5.38</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Has fix, High severity, Recent vulnerability</value></metadata></finding><finding severity="critical" type="Network"><description format="plain-text">A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an 
unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="15095" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">com.fasterxml.jackson.core_jackson-databind</value><value key="Package Version">2.2.3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.9.1, 2.8.10</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Critical severity, Has fix</value></metadata></finding><finding severity="critical" type="Network"><description format="plain-text">FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. 
This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="17485" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">com.fasterxml.jackson.core_jackson-databind</value><value key="Package Version">2.2.3</value><value key="Package License" /><value key="Vendor Status" /><value key="Risk Factors">Attack complexity: low, Attack vector: network, Critical severity, Remote execution</value></metadata></finding><finding severity="critical" type="Network"><description format="plain-text">A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="7525" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">com.fasterxml.jackson.core_jackson-databind</value><value key="Package Version">2.2.3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.8.9, 2.7.9.1, 2.6.7.1</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Critical severity, Has fix</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes 
a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="1000873" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">com.fasterxml.jackson.core_jackson-databind</value><value key="Package Version">2.2.3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.9.8</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="critical" type="Network"><description format="plain-text">FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="14718" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">com.fasterxml.jackson.core_jackson-databind</value><value key="Package Version">2.2.3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.9.7</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Critical severity, Has fix, Recent vulnerability, Remote execution</value></metadata></finding><finding severity="critical" type="Network"><description format="plain-text">FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block 
the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="14719" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">com.fasterxml.jackson.core_jackson-databind</value><value key="Package Version">2.2.3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.9.7</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Critical severity, Has fix, Recent vulnerability, Remote execution</value></metadata></finding><finding severity="critical" type="Network"><description format="plain-text">FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="14720" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">com.fasterxml.jackson.core_jackson-databind</value><value key="Package Version">2.2.3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.9.7</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Critical severity, Has fix, Recent vulnerability</value></metadata></finding><finding severity="critical" type="Network"><description format="plain-text">FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.</description><location path="" type="url" /><tool category="java" 
code="47" name="Twistlock" /><cves><cve sequence-number="14721" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">10.00</value><value key="Package Name">com.fasterxml.jackson.core_jackson-databind</value><value key="Package Version">2.2.3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.9.7</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Critical severity, Has fix, Recent vulnerability</value></metadata></finding><finding severity="critical" type="Network"><description format="plain-text">FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="19360" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">com.fasterxml.jackson.core_jackson-databind</value><value key="Package Version">2.2.3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.9.8</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Critical severity, Has fix, Recent vulnerability</value></metadata></finding><finding severity="critical" type="Network"><description format="plain-text">FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="19361" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value 
key="CVSS">9.80</value><value key="Package Name">com.fasterxml.jackson.core_jackson-databind</value><value key="Package Version">2.2.3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.9.8</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Critical severity, Has fix, Recent vulnerability</value></metadata></finding><finding severity="critical" type="Network"><description format="plain-text">FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="19362" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">com.fasterxml.jackson.core_jackson-databind</value><value key="Package Version">2.2.3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.9.8</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Critical severity, Has fix, Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. 
This is exploitable via two different gadgets that bypass a blacklist.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="5968" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.10</value><value key="Package Name">com.fasterxml.jackson.core_jackson-databind</value><value key="Package Version">2.2.3</value><value key="Package License" /><value key="Vendor Status" /><value key="Risk Factors">Attack vector: network, High severity, Recent vulnerability, Remote execution</value></metadata></finding><finding severity="critical" type="Network"><description format="plain-text">FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="7489" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">com.fasterxml.jackson.core_jackson-databind</value><value key="Package Version">2.2.3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.9.5, 2.8.11.1, 2.7.9.3</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Critical severity, Has fix, Recent vulnerability, Remote execution</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers 
to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="10237" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">5.90</value><value key="Package Name">com.google.guava_guava</value><value key="Package Version">23.6-jre</value><value key="Package License" /><value key="Vendor Status">fixed in 24.1.1</value><value key="Risk Factors">Attack vector: network, DoS, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="4002" year="2013" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">7.10</value><value key="Package Name">xerces_xercesImpl</value><value key="Package Version">2.11.0</value><value key="Package License" /><value 
key="Vendor Status">fixed in 2.12.0</value><value key="Risk Factors">Attack vector: network, DoS, Has fix, High severity</value></metadata></finding><finding severity="critical" type="Network"><description format="plain-text">XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="3720" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">com.fasterxml.jackson.core_jackson-core</value><value key="Package Version">2.2.3</value><value key="Package License" /><value key="Vendor Status" /><value key="Risk Factors">Attack complexity: low, Attack vector: network, Critical severity</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="7051" year="2016" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.60</value><value key="Package Name">com.fasterxml.jackson.core_jackson-core</value><value key="Package Version">2.2.3</value><value key="Package License" /><value key="Vendor Status">fixed in 2.8.4, 2.7.8</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Has fix, High severity</value></metadata></finding><finding severity="critical" type="Network"><description format="plain-text">QOS.ch Logback before 
1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="5929" year="2017" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">ch.qos.logback_logback-core</value><value key="Package Version">1.1.3</value><value key="Package License" /><value key="Vendor Status">fixed in 1.2.0</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Critical severity, Has fix</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. 
This vulnerability appears to have been fixed in 2.9.8.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="1000873" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">com.fasterxml.jackson.core_jackson-databind</value><value key="Package Version">2.9.7</value><value key="Package License" /><value key="Vendor Status">fixed in 2.9.8</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Has fix, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="critical" type="Network"><description format="plain-text">FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="19360" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">com.fasterxml.jackson.core_jackson-databind</value><value key="Package Version">2.9.7</value><value key="Package License" /><value key="Vendor Status">fixed in 2.9.8</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Critical severity, Has fix, Recent vulnerability</value></metadata></finding><finding severity="critical" type="Network"><description format="plain-text">FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="19361" year="2018" 
/></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">com.fasterxml.jackson.core_jackson-databind</value><value key="Package Version">2.9.7</value><value key="Package License" /><value key="Vendor Status">fixed in 2.9.8</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Critical severity, Has fix, Recent vulnerability</value></metadata></finding><finding severity="critical" type="Network"><description format="plain-text">FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.</description><location path="" type="url" /><tool category="java" code="47" name="Twistlock" /><cves><cve sequence-number="19362" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.80</value><value key="Package Name">com.fasterxml.jackson.core_jackson-databind</value><value key="Package Version">2.9.7</value><value key="Package License" /><value key="Vendor Status">fixed in 2.9.8</value><value key="Risk Factors">Attack complexity: low, Attack vector: network, Critical severity, Has fix, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.</description><location path="" type="url" /><tool category="product" code="411" name="Twistlock" /><cves><cve sequence-number="13785" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value 
key="Package Name">java</value><value key="Package Version">1.8.0_181</value><value key="Package License" /><value key="Vendor Status" /><value key="Risk Factors">Attack complexity: low, Attack vector: network, DoS, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.</description><location path="" type="url" /><tool category="product" code="411" name="Twistlock" /><cves><cve sequence-number="14048" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.50</value><value key="Package Name">java</value><value key="Package Version">1.8.0_181</value><value key="Package License" /><value key="Vendor Status" /><value key="Risk Factors">Attack complexity: low, Attack vector: network, Medium severity, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N).</description><location path="" type="url" /><tool category="product" code="411" name="Twistlock" /><cves><cve sequence-number="3136" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">3.40</value><value key="Package Name">java</value><value key="Package Version">1.8.0_181</value><value key="Package License" /><value key="Vendor Status" /><value key="Risk Factors">Attack vector: network, Recent vulnerability</value></metadata></finding><finding severity="low" type="Network"><description format="plain-text">Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. 
code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).</description><location path="" type="url" /><tool category="product" code="411" name="Twistlock" /><cves><cve sequence-number="3139" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">3.10</value><value key="Package Name">java</value><value key="Package Version">1.8.0_181</value><value key="Package License" /><value key="Vendor Status" /><value key="Risk Factors">Attack vector: network, Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).</description><location path="" type="url" /><tool category="product" code="411" name="Twistlock" /><cves><cve sequence-number="3149" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.30</value><value key="Package Name">java</value><value key="Package Version">1.8.0_181</value><value key="Package License" /><value key="Vendor Status" /><value key="Risk Factors">Attack vector: network, High severity, Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). 
CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).</description><location path="" type="url" /><tool category="product" code="411" name="Twistlock" /><cves><cve sequence-number="3169" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.30</value><value key="Package Name">java</value><value key="Package Version">1.8.0_181</value><value key="Package License" /><value key="Vendor Status" /><value key="Risk Factors">Attack vector: network, High severity, Recent vulnerability</value></metadata></finding><finding severity="critical" type="Network"><description format="plain-text">Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).</description><location path="" type="url" /><tool category="product" code="411" name="Twistlock" /><cves><cve sequence-number="3183" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">9.00</value><value key="Package Name">java</value><value key="Package Version">1.8.0_181</value><value key="Package License" /><value key="Vendor Status" /><value key="Risk Factors">Attack vector: network, Critical severity, Recent vulnerability</value></metadata></finding><finding severity="high" type="Network"><description format="plain-text">Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). The supported version that is affected is Java SE: 8u182. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).</description><location path="" type="url" /><tool category="product" code="411" name="Twistlock" /><cves><cve sequence-number="3209" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">8.30</value><value key="Package Name">java</value><value key="Package Version">1.8.0_181</value><value key="Package License" /><value key="Vendor Status" /><value key="Risk Factors">Attack vector: network, High severity, Recent vulnerability</value></metadata></finding><finding severity="medium" type="Network"><description format="plain-text">Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serviceability). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). This vulnerability can only be exploited when Java Usage Tracker functionality is being used. 
CVSS 3.0 Base Score 6.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I</description><location path="" type="url" /><tool category="product" code="411" name="Twistlock" /><cves><cve sequence-number="3211" year="2018" /></cves><host><hostname>localhost</hostname><operating-system>debian-stretch</operating-system></host><metadata><value key="CVSS">6.60</value><value key="Package Name">java</value><value key="Package Version">1.8.0_181</value><value key="Package License" /><value key="Vendor Status" /><value key="Risk Factors">Attack complexity: low, Medium severity, Recent vulnerability</value></metadata></finding></findings></report>